Prereq: "2.9.8" diff -cr --new-file /var/tmp/postfix-2.9.8/src/global/mail_version.h ./src/global/mail_version.h *** /var/tmp/postfix-2.9.8/src/global/mail_version.h Thu Sep 5 08:51:24 2013 --- ./src/global/mail_version.h Thu Jan 16 08:10:50 2014 *************** *** 20,27 **** * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ ! #define MAIL_RELEASE_DATE "20130905" ! #define MAIL_VERSION_NUMBER "2.9.8" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE --- 20,27 ---- * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ ! #define MAIL_RELEASE_DATE "20140116" ! #define MAIL_VERSION_NUMBER "2.9.9" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -cr --new-file /var/tmp/postfix-2.9.8/HISTORY ./HISTORY *** /var/tmp/postfix-2.9.8/HISTORY Sun Sep 1 18:42:11 2013 --- ./HISTORY Thu Jan 16 08:15:16 2014 *************** *** 17834,17836 **** --- 17834,17869 ---- each smtpd(8) process. The workaround turns off session tickets. In 2.11 we'll enable session tickets properly. Viktor Dukhovni. File: tls/tls_server.c. + + 20131026 + + Future proofing: API changes in the PCRE library. File: + util/dict_pcre.c. + + 20131127 + + Bugfix (introduced: 20090106): the postconf '-#' option + erased prior options. File: postconf/postconf.c. + + 20131129 + + Bugfix: Makefile example in MULTI_INSTANCE_README. Viktor + Dukhovni. File: proto/MULTI_INSTANCE_README.html. + + 20131216 + + OpenSSL future proofing: tolerate disappearance of named + bug-workaround bits without invalidating tls_disable_workarounds + configurations. When support for a bug workaround is removed + from OpenSSL, the corresponding bit is defined as zero (i.e. + NOOP) instead of causing programs to break. Viktor Dukhovni. + File: tls/tls_misc.c. + + 20131220 + + Documentation: typo in SASL_README. Patrick Ben Koetter. 
+ File: proto/SASL_README.html. + + 20140104 + + Bugfix: malformed error message. File: conf/post-install. diff -cr --new-file /var/tmp/postfix-2.9.8/README_FILES/MULTI_INSTANCE_README ./README_FILES/MULTI_INSTANCE_README *** /var/tmp/postfix-2.9.8/README_FILES/MULTI_INSTANCE_README Fri Dec 9 13:44:41 2011 --- ./README_FILES/MULTI_INSTANCE_README Fri Dec 20 10:34:07 2013 *************** *** 177,183 **** generic: Makefile @echo Creating $@ @rm -f $@.tmp ! @printf '%s\t%s+root=%s\n' root $MTAADMIN `uname -n` > $@.tmp @mv $@.tmp generic %.cdb: % --- 177,183 ---- generic: Makefile @echo Creating $@ @rm -f $@.tmp ! @printf '%s\t%s+root=%s\n' root ${MTAADMIN} `uname -n` > $@.tmp @mv $@.tmp generic %.cdb: % diff -cr --new-file /var/tmp/postfix-2.9.8/README_FILES/SASL_README ./README_FILES/SASL_README *** /var/tmp/postfix-2.9.8/README_FILES/SASL_README Thu Dec 22 19:32:47 2011 --- ./README_FILES/SASL_README Fri Dec 20 10:34:07 2013 *************** *** 477,483 **** sql_user: username sql_passwd: secret sql_database: dbname ! sql_select: SELECT password FROM users WHERE user = '%u'@'%r' NNoottee --- 477,483 ---- sql_user: username sql_passwd: secret sql_database: dbname ! sql_select: SELECT password FROM users WHERE user = '%u@%r' NNoottee diff -cr --new-file /var/tmp/postfix-2.9.8/conf/post-install ./conf/post-install *** /var/tmp/postfix-2.9.8/conf/post-install Wed Jan 18 13:44:17 2012 --- ./conf/post-install Sat Jan 4 15:47:02 2014 *************** *** 464,470 **** case $type in [hl]) continue;; [df]) ;; ! *) echo unknown type $type for $path in $daemon_directory/postfix-files1>&2; exit 1;; esac # Expand $name, and canonicalize null fields. for name in path owner group flags --- 464,470 ---- case $type in [hl]) continue;; [df]) ;; ! *) echo unknown type $type for $path in $daemon_directory/postfix-files 1>&2; exit 1;; esac # Expand $name, and canonicalize null fields. 
for name in path owner group flags diff -cr --new-file /var/tmp/postfix-2.9.8/html/MULTI_INSTANCE_README.html ./html/MULTI_INSTANCE_README.html *** /var/tmp/postfix-2.9.8/html/MULTI_INSTANCE_README.html Fri Dec 9 13:44:39 2011 --- ./html/MULTI_INSTANCE_README.html Fri Dec 20 10:34:07 2013 *************** *** 233,239 **** generic: Makefile @echo Creating $@ @rm -f $@.tmp ! @printf '%s\t%s+root=%s\n' root $MTAADMIN `uname -n` > $@.tmp @mv $@.tmp generic %.cdb: % --- 233,239 ---- generic: Makefile @echo Creating $@ @rm -f $@.tmp ! @printf '%s\t%s+root=%s\n' root ${MTAADMIN} `uname -n` > $@.tmp @mv $@.tmp generic %.cdb: % diff -cr --new-file /var/tmp/postfix-2.9.8/html/SASL_README.html ./html/SASL_README.html *** /var/tmp/postfix-2.9.8/html/SASL_README.html Thu Dec 22 19:32:47 2011 --- ./html/SASL_README.html Fri Dec 20 10:34:07 2013 *************** *** 784,790 **** sql_user: username sql_passwd: secret sql_database: dbname ! sql_select: SELECT password FROM users WHERE user = '%u'@'%r' --- 784,790 ---- sql_user: username sql_passwd: secret sql_database: dbname ! sql_select: SELECT password FROM users WHERE user = '%u@%r' diff -cr --new-file /var/tmp/postfix-2.9.8/proto/MULTI_INSTANCE_README.html ./proto/MULTI_INSTANCE_README.html *** /var/tmp/postfix-2.9.8/proto/MULTI_INSTANCE_README.html Fri Dec 9 12:36:59 2011 --- ./proto/MULTI_INSTANCE_README.html Tue Dec 17 15:46:48 2013 *************** *** 233,239 **** generic: Makefile @echo Creating $@ @rm -f $@.tmp ! @printf '%s\t%s+root=%s\n' root $MTAADMIN `uname -n` > $@.tmp @mv $@.tmp generic %.cdb: % --- 233,239 ---- generic: Makefile @echo Creating $@ @rm -f $@.tmp ! 
@printf '%s\t%s+root=%s\n' root ${MTAADMIN} `uname -n` > $@.tmp @mv $@.tmp generic %.cdb: % diff -cr --new-file /var/tmp/postfix-2.9.8/proto/SASL_README.html ./proto/SASL_README.html *** /var/tmp/postfix-2.9.8/proto/SASL_README.html Thu Dec 22 09:05:39 2011 --- ./proto/SASL_README.html Fri Dec 20 10:34:02 2013 *************** *** 784,790 **** sql_user: username sql_passwd: secret sql_database: dbname ! sql_select: SELECT password FROM users WHERE user = '%u'@'%r' --- 784,790 ---- sql_user: username sql_passwd: secret sql_database: dbname ! sql_select: SELECT password FROM users WHERE user = '%u@%r' diff -cr --new-file /var/tmp/postfix-2.9.8/src/postconf/postconf.c ./src/postconf/postconf.c *** /var/tmp/postfix-2.9.8/src/postconf/postconf.c Tue Jan 24 19:41:08 2012 --- ./src/postconf/postconf.c Tue Dec 17 16:12:26 2013 *************** *** 456,462 **** break; #endif case '#': ! cmd_mode = COMMENT_OUT; break; case 'h': --- 456,462 ---- break; #endif case '#': ! cmd_mode |= COMMENT_OUT; break; case 'h': diff -cr --new-file /var/tmp/postfix-2.9.8/src/tls/tls_misc.c ./src/tls/tls_misc.c *** /var/tmp/postfix-2.9.8/src/tls/tls_misc.c Sun Feb 3 14:58:42 2013 --- ./src/tls/tls_misc.c Tue Dec 17 20:08:48 2013 *************** *** 241,299 **** #define NAMEBUG(x) #x, SSL_OP_##x static const LONG_NAME_MASK ssl_bug_tweaks[] = { ! #if defined(SSL_OP_MICROSOFT_SESS_ID_BUG) ! NAMEBUG(MICROSOFT_SESS_ID_BUG), /* 0x00000001L */ #endif ! #if defined(SSL_OP_NETSCAPE_CHALLENGE_BUG) ! NAMEBUG(NETSCAPE_CHALLENGE_BUG), /* 0x00000002L */ #endif ! #if defined(SSL_OP_LEGACY_SERVER_CONNECT) ! NAMEBUG(LEGACY_SERVER_CONNECT), /* 0x00000004L */ #endif ! #if defined(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) ! NAMEBUG(NETSCAPE_REUSE_CIPHER_CHANGE_BUG), /* 0x00000008L */ ! "CVE-2010-4180", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG, #endif ! #if defined(SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG) ! NAMEBUG(SSLREF2_REUSE_CERT_TYPE_BUG), /* 0x00000010L */ #endif ! #if defined(SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) ! 
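Review bot: In src/postconf/postconf.c, `case '#'` now ORs `COMMENT_OUT` into `cmd_mode`, which makes `-#` combinable with whatever mode an earlier option set, and nothing in the hunk says which combinations are meant to be legal. The rest of the option switch and any post-parse validation are outside the hunk, so confirm that conflicting combinations are still rejected and that no other arm still assigns with `=`. A short comment would record the intent: `/* OR, not assign: '-#' must keep modes set by earlier options. */`.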
NAMEBUG(MICROSOFT_BIG_SSLV3_BUFFER),/* 0x00000020L */ #endif ! #if defined(SSL_OP_MSIE_SSLV2_RSA_PADDING) ! NAMEBUG(MSIE_SSLV2_RSA_PADDING), /* 0x00000040L */ ! "CVE-2005-2969", SSL_OP_MSIE_SSLV2_RSA_PADDING, #endif ! #if defined(SSL_OP_SSLEAY_080_CLIENT_DH_BUG) ! NAMEBUG(SSLEAY_080_CLIENT_DH_BUG), /* 0x00000080L */ #endif ! #if defined(SSL_OP_TLS_D5_BUG) ! NAMEBUG(TLS_D5_BUG), /* 0x00000100L */ #endif ! #if defined(SSL_OP_TLS_BLOCK_PADDING_BUG) ! NAMEBUG(TLS_BLOCK_PADDING_BUG), /* 0x00000200L */ #endif ! #if defined(SSL_OP_TLS_ROLLBACK_BUG) ! NAMEBUG(TLS_ROLLBACK_BUG), /* 0x00000400L */ #endif ! #if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) ! NAMEBUG(DONT_INSERT_EMPTY_FRAGMENTS), /* 0x00000800L */ #endif ! #if defined(SSL_OP_CRYPTOPRO_TLSEXT_BUG) ! NAMEBUG(CRYPTOPRO_TLSEXT_BUG), /* 0x80000000L */ #endif 0, 0, }; --- 241,312 ---- #define NAMEBUG(x) #x, SSL_OP_##x static const LONG_NAME_MASK ssl_bug_tweaks[] = { ! #ifndef SSL_OP_MICROSOFT_SESS_ID_BUG ! #define SSL_OP_MICROSOFT_SESS_ID_BUG 0 #endif + NAMEBUG(MICROSOFT_SESS_ID_BUG), ! #ifndef SSL_OP_NETSCAPE_CHALLENGE_BUG ! #define SSL_OP_NETSCAPE_CHALLENGE_BUG 0 #endif + NAMEBUG(NETSCAPE_CHALLENGE_BUG), ! #ifndef SSL_OP_LEGACY_SERVER_CONNECT ! #define SSL_OP_LEGACY_SERVER_CONNECT 0 #endif + NAMEBUG(LEGACY_SERVER_CONNECT), ! #ifndef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG ! #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0 #endif + NAMEBUG(NETSCAPE_REUSE_CIPHER_CHANGE_BUG), + "CVE-2010-4180", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG, ! #ifndef SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG ! #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0 #endif + NAMEBUG(SSLREF2_REUSE_CERT_TYPE_BUG), ! #ifndef SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER ! #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0 #endif + NAMEBUG(MICROSOFT_BIG_SSLV3_BUFFER), ! #ifndef SSL_OP_MSIE_SSLV2_RSA_PADDING ! #define SSL_OP_MSIE_SSLV2_RSA_PADDING 0 #endif + NAMEBUG(MSIE_SSLV2_RSA_PADDING), + "CVE-2005-2969", SSL_OP_MSIE_SSLV2_RSA_PADDING, ! #ifndef SSL_OP_SSLEAY_080_CLIENT_DH_BUG ! 
#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0 #endif + NAMEBUG(SSLEAY_080_CLIENT_DH_BUG), ! #ifndef SSL_OP_TLS_D5_BUG ! #define SSL_OP_TLS_D5_BUG 0 #endif + NAMEBUG(TLS_D5_BUG), ! #ifndef SSL_OP_TLS_BLOCK_PADDING_BUG ! #define SSL_OP_TLS_BLOCK_PADDING_BUG 0 #endif + NAMEBUG(TLS_BLOCK_PADDING_BUG), ! #ifndef SSL_OP_TLS_ROLLBACK_BUG ! #define SSL_OP_TLS_ROLLBACK_BUG 0 #endif + NAMEBUG(TLS_ROLLBACK_BUG), ! #ifndef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS ! #define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0 #endif + NAMEBUG(DONT_INSERT_EMPTY_FRAGMENTS), ! #ifndef SSL_OP_CRYPTOPRO_TLSEXT_BUG ! #define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0 #endif + NAMEBUG(CRYPTOPRO_TLSEXT_BUG), 0, 0, }; *************** *** 866,872 **** { long bits = SSL_OP_ALL; /* Work around all known bugs */ ! #if OPENSSL_VERSION_NUMBER >= 0x00908000L long lib_version = SSLeay(); /* --- 879,886 ---- { long bits = SSL_OP_ALL; /* Work around all known bugs */ ! #if OPENSSL_VERSION_NUMBER >= 0x00908000L && \ ! OPENSSL_VERSION_NUMBER < 0x10000000L long lib_version = SSLeay(); /* *************** *** 892,897 **** --- 906,915 ---- bits &= ~long_name_mask_opt(VAR_TLS_BUG_TWEAKS, ssl_bug_tweaks, var_tls_bug_tweaks, NAME_MASK_ANY_CASE | NAME_MASK_NUMBER | NAME_MASK_WARN); + #ifdef SSL_OP_SAFARI_ECDHE_ECDSA_BUG + /* Not relevant to SMTP */ + bits &= ~SSL_OP_SAFARI_ECDHE_ECDSA_BUG; + #endif } return (bits); } diff -cr --new-file /var/tmp/postfix-2.9.8/src/util/dict_pcre.c ./src/util/dict_pcre.c *** /var/tmp/postfix-2.9.8/src/util/dict_pcre.c Tue Jan 24 19:41:08 2012 --- ./src/util/dict_pcre.c Tue Dec 17 15:19:23 2013 *************** *** 62,67 **** --- 62,76 ---- #include "warn_stat.h" /* + * Backwards compatibility. + */ + #ifdef PCRE_STUDY_JIT_COMPILE + #define DICT_PCRE_FREE_STUDY(x) pcre_free_study(x) + #else + #define DICT_PCRE_FREE_STUDY(x) pcre_free((char *) (x)) + #endif + + /* * Support for IF/ENDIF based on an idea by Bert Driehuis. 
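Review bot: In src/tls/tls_misc.c, the `#define SSL_OP_… 0` fallbacks written inside the `ssl_bug_tweaks[]` initializer stay defined for the rest of the translation unit, so any later `#ifdef SSL_OP_…` test on one of these names can no longer tell a real OpenSSL option from the stub. The hunk also drops the per-entry bit-value comments without recording why a name may now map to zero. I would add a comment above the table such as `/* A mask of 0 means this OpenSSL no longer has the workaround; the name stays valid in tls_disable_workarounds as a no-op. */`. Since live entries can now share the mask value of the `0, 0` terminator, confirm that the table consumers stop on a null name rather than a zero mask; those functions are not part of this diff.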
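Review bot: The new upper bound `OPENSSL_VERSION_NUMBER < 0x10000000L` in src/tls/tls_misc.c (hunk at line 879) decides at compile time, from the header version, whether the run-time `SSLeay()` check is built at all, and neither the code nor the HISTORY entry explains why. The guarded body is outside the hunk, so the intent can only be inferred. If the check concerns 0.9.8-era libraries only, say so next to the condition, e.g. `/* Run-time check applies to 0.9.8 libraries only; not built against 1.0.0 or later headers. */`. Without it a reader cannot tell whether skipping the check on newer builds is deliberate.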
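Review bot: The added `bits &= ~SSL_OP_SAFARI_ECDHE_ECDSA_BUG;` in src/tls/tls_misc.c (hunk at line 906) sits before the closing brace of the block that applies `var_tls_bug_tweaks`, so it appears to run only when that block is entered, although the comment `/* Not relevant to SMTP */` describes an unconditional property. The opening of that block is outside the hunk; if it is conditional on a non-empty setting, a default configuration would keep the bit that `bits` presumably inherits from `SSL_OP_ALL`. Moving the `#ifdef SSL_OP_SAFARI_ECDHE_ECDSA_BUG` … `#endif` lines after the closing `}` and directly before `return (bits);` would clear the bit on every path.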
*/ #define DICT_PCRE_OP_MATCH 1 /* Match this regexp */ *************** *** 389,395 **** if (match_rule->pattern) myfree((char *) match_rule->pattern); if (match_rule->hints) ! myfree((char *) match_rule->hints); if (match_rule->replacement) myfree((char *) match_rule->replacement); break; --- 398,404 ---- if (match_rule->pattern) myfree((char *) match_rule->pattern); if (match_rule->hints) ! DICT_PCRE_FREE_STUDY(match_rule->hints); if (match_rule->replacement) myfree((char *) match_rule->replacement); break; *************** *** 398,404 **** if (if_rule->pattern) myfree((char *) if_rule->pattern); if (if_rule->hints) ! myfree((char *) if_rule->hints); break; case DICT_PCRE_OP_ENDIF: break; --- 407,413 ---- if (if_rule->pattern) myfree((char *) if_rule->pattern); if (if_rule->hints) ! DICT_PCRE_FREE_STUDY(if_rule->hints); break; case DICT_PCRE_OP_ENDIF: break; *************** *** 679,685 **** if (engine.pattern) myfree((char *) engine.pattern); if (engine.hints) ! myfree((char *) engine.hints); CREATE_MATCHOP_ERROR_RETURN(0); } #endif --- 688,694 ---- if (engine.pattern) myfree((char *) engine.pattern); if (engine.hints) ! DICT_PCRE_FREE_STUDY(engine.hints); CREATE_MATCHOP_ERROR_RETURN(0); } #endif
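Review bot: `DICT_PCRE_FREE_STUDY` in src/util/dict_pcre.c releases `hints` through PCRE's deallocator (`pcre_free_study` or `pcre_free`), while the neighbouring `pattern` pointers in the hunks at lines 398, 407 and 688 are still released with `myfree`. That split is only safe if PCRE's allocation hooks are pointed at the Postfix allocator elsewhere in the file, which is not visible in this diff; otherwise one of the two paths frees memory with the wrong allocator. The `/* Backwards compatibility. */` comment should say which allocator owns each object, e.g. `/* hints come from pcre_study(); free them with the matching PCRE call, not myfree(). */`. The `(char *)` cast in the fallback looks unnecessary if `pcre_free` takes a `void *`.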