Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/external/ibm-public/postfix/dist Update Postfix to version 2...
details: https://anonhg.NetBSD.org/src/rev/afbb24e81c2c
branches: trunk
changeset: 326103:afbb24e81c2c
user: tron <tron%NetBSD.org@localhost>
date: Sat Jan 18 17:04:03 2014 +0000
description:
Update Postfix to version 2.10.3. Changes since version 2.10.2:
- Future proofing against OpenSSL library API changes. When support
for a bug workaround is removed from OpenSSL, the corresponding
named bit in tls_disable_workarounds will be ignored instead of
causing existing Postfix configurations to fail.
- The postconf '-#' option reset prior options instead of adding to them.
- Correct an error in MULTI_INSTANCE_README Makefile example.
- Correct an error in SASL_README PostgreSQL example.
- Correct a malformed error message in conf/post-install.
diffstat:
external/ibm-public/postfix/dist/HISTORY | 33 ++++
external/ibm-public/postfix/dist/README_FILES/MULTI_INSTANCE_README | 2 +-
external/ibm-public/postfix/dist/README_FILES/SASL_README | 2 +-
external/ibm-public/postfix/dist/conf/post-install | 4 +-
external/ibm-public/postfix/dist/html/MULTI_INSTANCE_README.html | 2 +-
external/ibm-public/postfix/dist/html/SASL_README.html | 2 +-
external/ibm-public/postfix/dist/proto/MULTI_INSTANCE_README.html | 2 +-
external/ibm-public/postfix/dist/proto/SASL_README.html | 2 +-
external/ibm-public/postfix/dist/src/global/mail_version.h | 6 +-
external/ibm-public/postfix/dist/src/postconf/postconf.c | 4 +-
external/ibm-public/postfix/dist/src/tls/tls_misc.c | 78 ++++++---
external/ibm-public/postfix/dist/src/util/dict_pcre.c | 17 +-
12 files changed, 107 insertions(+), 47 deletions(-)
diffs (truncated from 352 to 300 lines):
diff -r c8a89f0be1bb -r afbb24e81c2c external/ibm-public/postfix/dist/HISTORY
--- a/external/ibm-public/postfix/dist/HISTORY Sat Jan 18 16:51:44 2014 +0000
+++ b/external/ibm-public/postfix/dist/HISTORY Sat Jan 18 17:04:03 2014 +0000
@@ -18306,3 +18306,36 @@
encryption key for each smtpd(8) process. The workaround
turns off session tickets. In 2.11 we'll enable session
tickets properly. Viktor Dukhovni. File: tls/tls_server.c.
+
+20131026
+
+ Future proofing: API changes in the PCRE library. File:
+ util/dict_pcre.c.
+
+20131127
+
+ Bugfix (introduced: 20090106): the postconf '-#' option
+ erased prior options. File: postconf/postconf.c.
+
+20131129
+
+ Bugfix: Makefile example in MULTI_INSTANCE_README. Viktor
+ Dukhovni. File: proto/MULTI_INSTANCE_README.html.
+
+20131216
+
+ OpenSSL future proofing: tolerate disappearance of named
+ bug-workaround bits without invalidating tls_disable_workarounds
+ configurations. When support for a bug workaround is removed
+ from OpenSSL, the corresponding bit is defined as zero (i.e.
+ NOOP) instead of causing programs to break. Viktor Dukhovni.
+ File: tls/tls_misc.c.
+
+20131220
+
+ Documentation: typo in SASL_README. Patrick Ben Koetter.
+ File: proto/SASL_README.html.
+
+20140104
+
+ Bugfix: malformed error message. File: conf/post-install.
diff -r c8a89f0be1bb -r afbb24e81c2c external/ibm-public/postfix/dist/README_FILES/MULTI_INSTANCE_README
--- a/external/ibm-public/postfix/dist/README_FILES/MULTI_INSTANCE_README Sat Jan 18 16:51:44 2014 +0000
+++ b/external/ibm-public/postfix/dist/README_FILES/MULTI_INSTANCE_README Sat Jan 18 17:04:03 2014 +0000
@@ -177,7 +177,7 @@
generic: Makefile
@echo Creating $@
@rm -f $@.tmp
- @printf '%s\t%s+root=%s\n' root $MTAADMIN `uname -n` > $@.tmp
+ @printf '%s\t%s+root=%s\n' root ${MTAADMIN} `uname -n` > $@.tmp
@mv $@.tmp generic
%.cdb: %
diff -r c8a89f0be1bb -r afbb24e81c2c external/ibm-public/postfix/dist/README_FILES/SASL_README
--- a/external/ibm-public/postfix/dist/README_FILES/SASL_README Sat Jan 18 16:51:44 2014 +0000
+++ b/external/ibm-public/postfix/dist/README_FILES/SASL_README Sat Jan 18 17:04:03 2014 +0000
@@ -478,7 +478,7 @@
sql_user: username
sql_passwd: secret
sql_database: dbname
- sql_select: SELECT password FROM users WHERE user = '%u'@'%r'
+ sql_select: SELECT password FROM users WHERE user = '%u@%r'
N�No�ot�te�e
diff -r c8a89f0be1bb -r afbb24e81c2c external/ibm-public/postfix/dist/conf/post-install
--- a/external/ibm-public/postfix/dist/conf/post-install Sat Jan 18 16:51:44 2014 +0000
+++ b/external/ibm-public/postfix/dist/conf/post-install Sat Jan 18 17:04:03 2014 +0000
@@ -1,5 +1,5 @@
#!/bin/sh
-# $NetBSD: post-install,v 1.1.1.4 2013/09/25 19:06:20 tron Exp $
+# $NetBSD: post-install,v 1.1.1.5 2014/01/18 17:04:06 tron Exp $
#
# To view the formatted manual page of this file, type:
@@ -466,7 +466,7 @@
case $type in
[hl]) continue;;
[df]) ;;
- *) echo unknown type $type for $path in $daemon_directory/postfix-files1>&2; exit 1;;
+ *) echo unknown type $type for $path in $daemon_directory/postfix-files 1>&2; exit 1;;
esac
# Expand $name, and canonicalize null fields.
for name in path owner group flags
diff -r c8a89f0be1bb -r afbb24e81c2c external/ibm-public/postfix/dist/html/MULTI_INSTANCE_README.html
--- a/external/ibm-public/postfix/dist/html/MULTI_INSTANCE_README.html Sat Jan 18 16:51:44 2014 +0000
+++ b/external/ibm-public/postfix/dist/html/MULTI_INSTANCE_README.html Sat Jan 18 17:04:03 2014 +0000
@@ -233,7 +233,7 @@
generic: Makefile
@echo Creating $@
@rm -f $@.tmp
- @printf '%s\t%s+root=%s\n' root $MTAADMIN `uname -n` > $@.tmp
+ @printf '%s\t%s+root=%s\n' root ${MTAADMIN} `uname -n` > $@.tmp
@mv $@.tmp generic
%.<a href="CDB_README.html">cdb</a>: %
diff -r c8a89f0be1bb -r afbb24e81c2c external/ibm-public/postfix/dist/html/SASL_README.html
--- a/external/ibm-public/postfix/dist/html/SASL_README.html Sat Jan 18 16:51:44 2014 +0000
+++ b/external/ibm-public/postfix/dist/html/SASL_README.html Sat Jan 18 17:04:03 2014 +0000
@@ -784,7 +784,7 @@
sql_user: username
sql_passwd: secret
sql_database: dbname
- sql_select: SELECT password FROM users WHERE user = '%u'@'%r'
+ sql_select: SELECT password FROM users WHERE user = '%u@%r'
</pre>
</blockquote>
diff -r c8a89f0be1bb -r afbb24e81c2c external/ibm-public/postfix/dist/proto/MULTI_INSTANCE_README.html
--- a/external/ibm-public/postfix/dist/proto/MULTI_INSTANCE_README.html Sat Jan 18 16:51:44 2014 +0000
+++ b/external/ibm-public/postfix/dist/proto/MULTI_INSTANCE_README.html Sat Jan 18 17:04:03 2014 +0000
@@ -233,7 +233,7 @@
generic: Makefile
@echo Creating $@
@rm -f $@.tmp
- @printf '%s\t%s+root=%s\n' root $MTAADMIN `uname -n` > $@.tmp
+ @printf '%s\t%s+root=%s\n' root ${MTAADMIN} `uname -n` > $@.tmp
@mv $@.tmp generic
%.cdb: %
diff -r c8a89f0be1bb -r afbb24e81c2c external/ibm-public/postfix/dist/proto/SASL_README.html
--- a/external/ibm-public/postfix/dist/proto/SASL_README.html Sat Jan 18 16:51:44 2014 +0000
+++ b/external/ibm-public/postfix/dist/proto/SASL_README.html Sat Jan 18 17:04:03 2014 +0000
@@ -784,7 +784,7 @@
sql_user: username
sql_passwd: secret
sql_database: dbname
- sql_select: SELECT password FROM users WHERE user = '%u'@'%r'
+ sql_select: SELECT password FROM users WHERE user = '%u@%r'
</pre>
</blockquote>
diff -r c8a89f0be1bb -r afbb24e81c2c external/ibm-public/postfix/dist/src/global/mail_version.h
--- a/external/ibm-public/postfix/dist/src/global/mail_version.h Sat Jan 18 16:51:44 2014 +0000
+++ b/external/ibm-public/postfix/dist/src/global/mail_version.h Sat Jan 18 17:04:03 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: mail_version.h,v 1.1.1.19 2013/09/25 19:06:31 tron Exp $ */
+/* $NetBSD: mail_version.h,v 1.1.1.20 2014/01/18 17:04:17 tron Exp $ */
#ifndef _MAIL_VERSION_H_INCLUDED_
#define _MAIL_VERSION_H_INCLUDED_
@@ -22,8 +22,8 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20130905"
-#define MAIL_VERSION_NUMBER "2.10.2"
+#define MAIL_RELEASE_DATE "20140116"
+#define MAIL_VERSION_NUMBER "2.10.3"
#ifdef SNAPSHOT
# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
diff -r c8a89f0be1bb -r afbb24e81c2c external/ibm-public/postfix/dist/src/postconf/postconf.c
--- a/external/ibm-public/postfix/dist/src/postconf/postconf.c Sat Jan 18 16:51:44 2014 +0000
+++ b/external/ibm-public/postfix/dist/src/postconf/postconf.c Sat Jan 18 17:04:03 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: postconf.c,v 1.1.1.6 2013/09/25 19:06:33 tron Exp $ */
+/* $NetBSD: postconf.c,v 1.1.1.7 2014/01/18 17:04:19 tron Exp $ */
/*++
/* NAME
@@ -476,7 +476,7 @@
cmd_mode |= FOLD_LINE;
break;
case '#':
- cmd_mode = COMMENT_OUT;
+ cmd_mode |= COMMENT_OUT;
break;
case 'h':
cmd_mode &= ~SHOW_NAME;
diff -r c8a89f0be1bb -r afbb24e81c2c external/ibm-public/postfix/dist/src/tls/tls_misc.c
--- a/external/ibm-public/postfix/dist/src/tls/tls_misc.c Sat Jan 18 16:51:44 2014 +0000
+++ b/external/ibm-public/postfix/dist/src/tls/tls_misc.c Sat Jan 18 17:04:03 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: tls_misc.c,v 1.1.1.7 2013/09/25 19:06:33 tron Exp $ */
+/* $NetBSD: tls_misc.c,v 1.1.1.8 2014/01/18 17:04:20 tron Exp $ */
/*++
/* NAME
@@ -243,59 +243,72 @@
#define NAMEBUG(x) #x, SSL_OP_##x
static const LONG_NAME_MASK ssl_bug_tweaks[] = {
-#if defined(SSL_OP_MICROSOFT_SESS_ID_BUG)
- NAMEBUG(MICROSOFT_SESS_ID_BUG), /* 0x00000001L */
+#ifndef SSL_OP_MICROSOFT_SESS_ID_BUG
+#define SSL_OP_MICROSOFT_SESS_ID_BUG 0
#endif
+ NAMEBUG(MICROSOFT_SESS_ID_BUG),
-#if defined(SSL_OP_NETSCAPE_CHALLENGE_BUG)
- NAMEBUG(NETSCAPE_CHALLENGE_BUG), /* 0x00000002L */
+#ifndef SSL_OP_NETSCAPE_CHALLENGE_BUG
+#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0
#endif
+ NAMEBUG(NETSCAPE_CHALLENGE_BUG),
-#if defined(SSL_OP_LEGACY_SERVER_CONNECT)
- NAMEBUG(LEGACY_SERVER_CONNECT), /* 0x00000004L */
+#ifndef SSL_OP_LEGACY_SERVER_CONNECT
+#define SSL_OP_LEGACY_SERVER_CONNECT 0
#endif
+ NAMEBUG(LEGACY_SERVER_CONNECT),
-#if defined(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)
- NAMEBUG(NETSCAPE_REUSE_CIPHER_CHANGE_BUG), /* 0x00000008L */
+#ifndef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
+#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0
+#endif
+ NAMEBUG(NETSCAPE_REUSE_CIPHER_CHANGE_BUG),
"CVE-2010-4180", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG,
-#endif
-#if defined(SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG)
- NAMEBUG(SSLREF2_REUSE_CERT_TYPE_BUG), /* 0x00000010L */
+#ifndef SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
+#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0
#endif
+ NAMEBUG(SSLREF2_REUSE_CERT_TYPE_BUG),
-#if defined(SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
- NAMEBUG(MICROSOFT_BIG_SSLV3_BUFFER),/* 0x00000020L */
+#ifndef SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
+#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0
#endif
+ NAMEBUG(MICROSOFT_BIG_SSLV3_BUFFER),
-#if defined(SSL_OP_MSIE_SSLV2_RSA_PADDING)
- NAMEBUG(MSIE_SSLV2_RSA_PADDING), /* 0x00000040L */
+#ifndef SSL_OP_MSIE_SSLV2_RSA_PADDING
+#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0
+#endif
+ NAMEBUG(MSIE_SSLV2_RSA_PADDING),
"CVE-2005-2969", SSL_OP_MSIE_SSLV2_RSA_PADDING,
-#endif
-#if defined(SSL_OP_SSLEAY_080_CLIENT_DH_BUG)
- NAMEBUG(SSLEAY_080_CLIENT_DH_BUG), /* 0x00000080L */
+#ifndef SSL_OP_SSLEAY_080_CLIENT_DH_BUG
+#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0
#endif
+ NAMEBUG(SSLEAY_080_CLIENT_DH_BUG),
-#if defined(SSL_OP_TLS_D5_BUG)
- NAMEBUG(TLS_D5_BUG), /* 0x00000100L */
+#ifndef SSL_OP_TLS_D5_BUG
+#define SSL_OP_TLS_D5_BUG 0
#endif
+ NAMEBUG(TLS_D5_BUG),
-#if defined(SSL_OP_TLS_BLOCK_PADDING_BUG)
- NAMEBUG(TLS_BLOCK_PADDING_BUG), /* 0x00000200L */
+#ifndef SSL_OP_TLS_BLOCK_PADDING_BUG
+#define SSL_OP_TLS_BLOCK_PADDING_BUG 0
#endif
+ NAMEBUG(TLS_BLOCK_PADDING_BUG),
-#if defined(SSL_OP_TLS_ROLLBACK_BUG)
- NAMEBUG(TLS_ROLLBACK_BUG), /* 0x00000400L */
+#ifndef SSL_OP_TLS_ROLLBACK_BUG
+#define SSL_OP_TLS_ROLLBACK_BUG 0
#endif
+ NAMEBUG(TLS_ROLLBACK_BUG),
-#if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
- NAMEBUG(DONT_INSERT_EMPTY_FRAGMENTS), /* 0x00000800L */
+#ifndef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0
#endif
+ NAMEBUG(DONT_INSERT_EMPTY_FRAGMENTS),
-#if defined(SSL_OP_CRYPTOPRO_TLSEXT_BUG)
- NAMEBUG(CRYPTOPRO_TLSEXT_BUG), /* 0x80000000L */
+#ifndef SSL_OP_CRYPTOPRO_TLSEXT_BUG
+#define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0
#endif
+ NAMEBUG(CRYPTOPRO_TLSEXT_BUG),
0, 0,
};
@@ -871,7 +884,8 @@
{
long bits = SSL_OP_ALL; /* Work around all known bugs */
-#if OPENSSL_VERSION_NUMBER >= 0x00908000L
+#if OPENSSL_VERSION_NUMBER >= 0x00908000L && \
+ OPENSSL_VERSION_NUMBER < 0x10000000L
long lib_version = SSLeay();
/*
@@ -897,6 +911,10 @@
bits &= ~long_name_mask_opt(VAR_TLS_BUG_TWEAKS, ssl_bug_tweaks,
var_tls_bug_tweaks, NAME_MASK_ANY_CASE |
NAME_MASK_NUMBER | NAME_MASK_WARN);
+#ifdef SSL_OP_SAFARI_ECDHE_ECDSA_BUG
+ /* Not relevant to SMTP */
+ bits &= ~SSL_OP_SAFARI_ECDHE_ECDSA_BUG;
+#endif
}
return (bits);
}
Home |
Main Index |
Thread Index |
Old Index