Bugfix: the new code for header address quoting sometimes did not
null terminate strings so that arbitrary garbage could appear at
the end of message headers.  Reported by Ralf Hildebrandt.  File:
global/tok822_parse.c.

Safety: user@domain@domain is no longer accepted by the permit_mx_backup
uce restriction (unless Postfix is configured with
"resolve_dequoted_address = no"). Victor Duchovny, Morgan Stanley.
File: smtpd/smtpd_check.c.

Prereq: "1.1.9"
diff -cr /tmp/postfix-1.1.9/src/global/mail_version.h ./src/global/mail_version.h
*** /tmp/postfix-1.1.9/src/global/mail_version.h	Sun May 12 20:15:31 2002
--- ./src/global/mail_version.h	Tue May 14 18:29:09 2002
***************
*** 21,34 ****
    * release date only, unless they include the same bugfix as a patch release.
    */
  #define VAR_MAIL_VERSION	"mail_version"
! #define DEF_MAIL_VERSION	"1.1.9"
  extern char *var_mail_version;
  
   /*
    * Release date.
    */
  #define VAR_MAIL_RELEASE	"mail_release_date"
! #define DEF_MAIL_RELEASE	"20020513"
  extern char *var_mail_release;
  
  /* LICENSE
--- 21,34 ----
    * release date only, unless they include the same bugfix as a patch release.
    */
  #define VAR_MAIL_VERSION	"mail_version"
! #define DEF_MAIL_VERSION	"1.1.10"
  extern char *var_mail_version;
  
   /*
    * Release date.
    */
  #define VAR_MAIL_RELEASE	"mail_release_date"
! #define DEF_MAIL_RELEASE	"20020514"
  extern char *var_mail_release;
  
  /* LICENSE
diff -cr /tmp/postfix-1.1.9/HISTORY ./HISTORY
*** /tmp/postfix-1.1.9/HISTORY	Mon May 13 16:10:41 2002
--- ./HISTORY	Tue May 14 18:26:38 2002
***************
*** 6301,6306 ****
--- 6301,6318 ----
  	more correct, but it opens a mail relay loophole with "user
  	@domain"@domain when relaying mail to a Sendmail system.
  
+ 20020514
+ 
+ 	Bugfix: the new code for header address quoting sometimes
+ 	did not null terminate strings so that arbitrary garbage
+ 	could appear at the end of message headers.  Reported by
+ 	Ralf Hildebrandt.  File:  global/tok822_parse.c.
+ 
+ 	Safety: user@domain@domain is no longer accepted by the
+ 	permit_mx_backup uce restriction (unless Postfix is configured
+ 	with "resolve_dequoted_address = no"). Victor Duchovny,
+ 	Morgan Stanley. File: smtpd/smtpd_check.c.
+ 
  Open problems:
  
  	Low: sendmail does not store null command-line recipients.
diff -cr /tmp/postfix-1.1.9/RELEASE_NOTES ./RELEASE_NOTES
*** /tmp/postfix-1.1.9/RELEASE_NOTES	Mon May 13 16:11:12 2002
--- ./RELEASE_NOTES	Tue May 14 18:16:52 2002
***************
*** 12,17 ****
--- 12,26 ----
  date. Snapshots change only the release date, unless they include
  the same bugfix as a patch release.
  
+ Incompatible changes with Postfix version 1.1.10 (released 20020514)
+ ====================================================================
+ 
+ For safety reasons, the permit_mx_backup restriction no longer
+ accepts mail for user@domain@domain. To recover the old behavior,
+ specify "resolve_dequoted_address = no" which opens up a completely
+ different can of worms as described a few paragraphs down in this
+ document.
+ 
  Incompatible changes with Postfix version 1.1.9 (released 20020513)
  ===================================================================
  
diff -cr /tmp/postfix-1.1.9/src/global/tok822_parse.c ./src/global/tok822_parse.c
*** /tmp/postfix-1.1.9/src/global/tok822_parse.c	Sun May 12 19:58:32 2002
--- ./src/global/tok822_parse.c	Tue May 14 17:06:53 2002
***************
*** 247,253 ****
  	     */
  	case TOK822_ADDR:
  	    tmp = vstring_alloc(100);
! 	    tok822_internalize(tmp, tp->head, TOK822_STR_NONE);
  	    quote_822_local_flags(vp, vstring_str(tmp),
  				  QUOTE_FLAG_8BITCLEAN | QUOTE_FLAG_APPEND);
  	    vstring_free(tmp);
--- 247,253 ----
  	     */
  	case TOK822_ADDR:
  	    tmp = vstring_alloc(100);
! 	    tok822_internalize(tmp, tp->head, TOK822_STR_TERM);
  	    quote_822_local_flags(vp, vstring_str(tmp),
  				  QUOTE_FLAG_8BITCLEAN | QUOTE_FLAG_APPEND);
  	    vstring_free(tmp);
diff -cr /tmp/postfix-1.1.9/src/smtpd/smtpd_check.c ./src/smtpd/smtpd_check.c
*** /tmp/postfix-1.1.9/src/smtpd/smtpd_check.c	Mon May 13 13:51:26 2002
--- ./src/smtpd/smtpd_check.c	Tue May 14 17:13:03 2002
***************
*** 1281,1297 ****
      if ((domain = strrchr(CONST_STR(reply->recipient), '@')) == 0)
  	return (SMTPD_CHECK_OK);
      domain += 1;
-     if (resolve_final(state, recipient, domain))
- 	return (SMTPD_CHECK_OK);
- 
-     if (msg_verbose)
- 	msg_info("%s: not local: %s", myname, recipient);
  
      /*
!      * Skip source-routed mail (uncertain destination).
       */
      if (var_allow_untrust_route == 0 && (reply->flags & RESOLVE_FLAG_ROUTED))
  	return (SMTPD_CHECK_DUNNO);
  
      /*
       * Skip numerical forms that didn't match the local system.
--- 1281,1301 ----
      if ((domain = strrchr(CONST_STR(reply->recipient), '@')) == 0)
  	return (SMTPD_CHECK_OK);
      domain += 1;
  
      /*
!      * Skip source-routed non-local or virtual mail (uncertain destination).
       */
      if (var_allow_untrust_route == 0 && (reply->flags & RESOLVE_FLAG_ROUTED))
  	return (SMTPD_CHECK_DUNNO);
+ 
+     /*
+      * The destination is local, or it is a local virtual destination.
+      */
+     if (resolve_final(state, recipient, domain))
+ 	return (SMTPD_CHECK_OK);
+ 
+     if (msg_verbose)
+ 	msg_info("%s: not local: %s", myname, recipient);
  
      /*
       * Skip numerical forms that didn't match the local system.