Prereq: "2.10.8" diff -cr --new-file /var/tmp/postfix-2.10.8/src/global/mail_version.h ./src/global/mail_version.h *** /var/tmp/postfix-2.10.8/src/global/mail_version.h 2015-07-20 19:18:59.000000000 -0400 --- ./src/global/mail_version.h 2015-10-10 11:35:10.000000000 -0400 *************** *** 20,27 **** * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ ! #define MAIL_RELEASE_DATE "20150720" ! #define MAIL_VERSION_NUMBER "2.10.8" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE --- 20,27 ---- * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ ! #define MAIL_RELEASE_DATE "20151010" ! #define MAIL_VERSION_NUMBER "2.10.9" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -cr --new-file /var/tmp/postfix-2.10.8/HISTORY ./HISTORY *** /var/tmp/postfix-2.10.8/HISTORY 2015-07-19 19:20:38.000000000 -0400 --- ./HISTORY 2015-10-10 10:43:32.000000000 -0400 *************** *** 18440,18442 **** --- 18440,18474 ---- SSLv2 or SSLv3. See the RELEASE_NOTES file for how to get the old settings back. Files: global/mail_params.h, proto/postconf.proto, and files derived from those. + + 20150923 + + Bugfix (introduced: 20120531-617): the Postfix SMTP server + used a larger-than-1 VSTREAM buffer to read the HAProxy + connection hand-off information. This broke TLS wrappermode, + as the TLS helo packet would end up in the plaintext VSTREAM + buffer. Reported by Lukas Erlacher. File: smtpd/smtpd_haproxy.c. + + 20150924 + + Bugfix (introduced: 20090216-24): incorrect postmulti error + message. Reported by Patrik Koetter. Fix by Viktor Dukhovni. + File: postmulti/postmulti.c. + + Workaround: don't create a new instance when the template + main.cf and master.cf files are missing, as happens on + Debian-like systems. Viktor Dukhovni. File: conf/postmulti-script. + + 20150925 + + Bugfix (introduced: 19970309, fixed 20150421 in development + release): reset errno before calling readdir(), in order + to distinguish between an end-of-directory and an error + condition. File: scandir.c. + + 20150930 + + Bugfix (introduced: 20040124): Milter client panic while + adding a header, because the PREPEND action used the same + output function for header_checks and body_checks. Viktor + Dukhovni and Wietse. File: cleanup/cleanup_message.c. diff -cr --new-file /var/tmp/postfix-2.10.8/conf/postmulti-script ./conf/postmulti-script *** /var/tmp/postfix-2.10.8/conf/postmulti-script 2009-08-02 19:02:59.000000000 -0400 --- ./conf/postmulti-script 2015-10-10 10:38:14.000000000 -0400 *************** *** 127,132 **** --- 127,137 ---- fatal "'$config_directory' lacks a master.cf file" } + test -f $daemon_directory/main.cf || + fatal "Missing main.cf prototype: $daemon_directory/main.cf" + test -f $daemon_directory/master.cf || + fatal "Missing master.cf prototype: $daemon_directory/master.cf" + # Create instance-specific directories # test -d $config_directory || diff -cr --new-file /var/tmp/postfix-2.10.8/src/cleanup/cleanup_message.c ./src/cleanup/cleanup_message.c *** /var/tmp/postfix-2.10.8/src/cleanup/cleanup_message.c 2014-10-18 17:40:07.000000000 -0400 --- ./src/cleanup/cleanup_message.c 2015-10-10 10:38:14.000000000 -0400 *************** *** 385,395 **** if (STREQUAL(value, "PREPEND", command_len)) { if (*optional_text == 0) { msg_warn("PREPEND action without text in %s map", map_class); ! } else if (strcmp(context, CLEANUP_ACT_CTXT_HEADER) == 0 ! && !is_header(optional_text)) { ! msg_warn("bad PREPEND header text \"%s\" in %s map -- " ! "need \"headername: headervalue\"", ! optional_text, map_class); } else { cleanup_act_log(state, "prepend", context, buf, optional_text); cleanup_out_string(state, REC_TYPE_NORM, optional_text); --- 385,404 ---- if (STREQUAL(value, "PREPEND", command_len)) { if (*optional_text == 0) { msg_warn("PREPEND action without text in %s map", map_class); ! } else if (strcmp(context, CLEANUP_ACT_CTXT_HEADER) == 0) { ! if (!is_header(optional_text)) { ! msg_warn("bad PREPEND header text \"%s\" in %s map -- " ! "need \"headername: headervalue\"", ! optional_text, map_class); ! } else { ! VSTRING *temp; ! ! cleanup_act_log(state, "prepend", context, buf, optional_text); ! temp = vstring_strcpy(vstring_alloc(strlen(optional_text)), ! optional_text); ! cleanup_out_header(state, temp); ! vstring_free(temp); ! } } else { cleanup_act_log(state, "prepend", context, buf, optional_text); cleanup_out_string(state, REC_TYPE_NORM, optional_text); diff -cr --new-file /var/tmp/postfix-2.10.8/src/postmulti/postmulti.c ./src/postmulti/postmulti.c *** /var/tmp/postfix-2.10.8/src/postmulti/postmulti.c 2012-01-24 19:41:08.000000000 -0500 --- ./src/postmulti/postmulti.c 2015-10-10 10:38:14.000000000 -0400 *************** *** 1685,1691 **** case 'e': if ((code = EDIT_CMD_CODE(optarg)) < 0) msg_fatal("Invalid '-e' edit action '%s'. Specify '%s', " ! "'%s', '%s', '%s', '%s', '%s', '%s', '%s' or '%s'", optarg, EDIT_CMD_STR(EDIT_CMD_CREATE), EDIT_CMD_STR(EDIT_CMD_DESTROY), --- 1685,1691 ---- case 'e': if ((code = EDIT_CMD_CODE(optarg)) < 0) msg_fatal("Invalid '-e' edit action '%s'. Specify '%s', " ! "'%s', '%s', '%s', '%s', '%s', '%s' or '%s'", optarg, EDIT_CMD_STR(EDIT_CMD_CREATE), EDIT_CMD_STR(EDIT_CMD_DESTROY), *************** *** 1694,1701 **** EDIT_CMD_STR(EDIT_CMD_ENABLE), EDIT_CMD_STR(EDIT_CMD_DISABLE), EDIT_CMD_STR(EDIT_CMD_ASSIGN), ! EDIT_CMD_STR(EDIT_CMD_INIT), ! optarg); if (cmd_mode != code) command_mode_count++; cmd_mode = code; --- 1694,1700 ---- EDIT_CMD_STR(EDIT_CMD_ENABLE), EDIT_CMD_STR(EDIT_CMD_DISABLE), EDIT_CMD_STR(EDIT_CMD_ASSIGN), ! EDIT_CMD_STR(EDIT_CMD_INIT)); if (cmd_mode != code) command_mode_count++; cmd_mode = code; diff -cr --new-file /var/tmp/postfix-2.10.8/src/smtpd/smtpd_haproxy.c ./src/smtpd/smtpd_haproxy.c *** /var/tmp/postfix-2.10.8/src/smtpd/smtpd_haproxy.c 2012-06-30 17:12:00.000000000 -0400 --- ./src/smtpd/smtpd_haproxy.c 2015-10-10 10:38:14.000000000 -0400 *************** *** 96,101 **** --- 96,109 ---- VSTRING *escape_buf; /* + * While reading HAProxy handshake information, don't buffer input beyond + * the end-of-line. That would break the TLS wrappermode handshake. + */ + vstream_control(state->client, + VSTREAM_CTL_BUFSIZE, 1, + VSTREAM_CTL_END); + + /* * Note: the haproxy_srvr_parse() routine performs address protocol * checks, address and port syntax checks, and converts IPv4-in-IPv6 * address string syntax (:ffff::1.2.3.4) to IPv4 syntax where permitted *************** *** 142,147 **** --- 150,162 ---- * Avoid surprises in the Dovecot authentication server. */ state->dest_addr = mystrdup(smtp_server_addr.buf); + + /* + * Enable normal buffering. + */ + vstream_control(state->client, + VSTREAM_CTL_BUFSIZE, VSTREAM_BUFSIZE, + VSTREAM_CTL_END); return (0); } } diff -cr --new-file /var/tmp/postfix-2.10.8/src/util/scan_dir.c ./src/util/scan_dir.c *** /var/tmp/postfix-2.10.8/src/util/scan_dir.c 2006-06-26 08:59:19.000000000 -0400 --- ./src/util/scan_dir.c 2015-10-10 09:59:27.000000000 -0400 *************** *** 78,83 **** --- 78,84 ---- #endif #endif #include + #include /* Utility library. */ *************** *** 177,182 **** --- 178,190 ---- #define STREQ(x,y) (strcmp((x),(y)) == 0) if (info) { + + /* + * Fix 20150421: readdir() does not reset errno after reaching the + * end-of-directory. This dates back all the way to the initial + * implementation of 19970309. + */ + errno = 0; while ((dp = readdir(info->dir)) != 0) { if (STREQ(dp->d_name, ".") || STREQ(dp->d_name, "..")) { if (msg_verbose > 1)