Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package postfix for openSUSE:Factory checked
in at 2021-04-15 16:57:07
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/postfix (Old)
and /work/SRC/openSUSE:Factory/.postfix.new.12324 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "postfix"
Thu Apr 15 16:57:07 2021 rev:200 rq:884727 version:3.5.10
Changes:
--------
--- /work/SRC/openSUSE:Factory/postfix/postfix-bdb.changes 2021-03-12
13:32:08.382226529 +0100
+++ /work/SRC/openSUSE:Factory/.postfix.new.12324/postfix-bdb.changes
2021-04-15 16:57:24.626673647 +0200
@@ -1,0 +2,18 @@
+Mon Apr 12 09:00:22 UTC 2021 - Michael Str??der <mich...@stroeder.com>
+
+- Update to 3.5.10 with security fixes:
+ * Missing null pointer checks (introduced in Postfix 3.4) after
+ an internal I/O error during the smtp(8) to tlsproxy(8) handshake.
+ Found by Coverity, reported by Jaroslav Skarvada. Based on a
+ fix by Viktor Dukhovni.
+ * Null pointer bug (introduced in Postfix 3.0) and memory leak
+ (introduced in Postfix 3.4) after an inline: table syntax error
+ in main.cf or master.cf. Found by Coverity, reported by Jaroslav
+ Skarvada. Based on a fix by Viktor Dukhovni.
+ * Incomplete null pointer check (introduced: Postfix 2.10) after
+ truncated HaProxy version 1 handshake message. Found by Coverity,
+ reported by Jaroslav Skarvada. Fix by Viktor Dukhovni.
+ * Missing null pointer check (introduced: Postfix alpha) after
+ null argv[0] value.
+
+-------------------------------------------------------------------
postfix.changes: same change
Old:
----
postfix-3.5.9.tar.gz
postfix-3.5.9.tar.gz.asc
New:
----
postfix-3.5.10.tar.gz
postfix-3.5.10.tar.gz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ postfix-bdb.spec ++++++
--- /var/tmp/diff_new_pack.dF8Rsi/_old 2021-04-15 16:57:25.462674969 +0200
+++ /var/tmp/diff_new_pack.dF8Rsi/_new 2021-04-15 16:57:25.466674976 +0200
@@ -56,7 +56,7 @@
%endif
%bcond_without ldap
Name: postfix-bdb
-Version: 3.5.9
+Version: 3.5.10
Release: 0
Summary: A fast, secure, and flexible mailer
License: IPL-1.0 OR EPL-2.0
++++++ postfix.spec ++++++
--- /var/tmp/diff_new_pack.dF8Rsi/_old 2021-04-15 16:57:25.494675020 +0200
+++ /var/tmp/diff_new_pack.dF8Rsi/_new 2021-04-15 16:57:25.502675033 +0200
@@ -42,7 +42,7 @@
%bcond_without libnsl
%bcond_without ldap
Name: postfix
-Version: 3.5.9
+Version: 3.5.10
Release: 0
Summary: A fast, secure, and flexible mailer
License: IPL-1.0 OR EPL-2.0
++++++ postfix-3.5.9.tar.gz -> postfix-3.5.10.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/postfix-3.5.9/HISTORY new/postfix-3.5.10/HISTORY
--- old/postfix-3.5.9/HISTORY 2021-01-17 15:54:57.000000000 +0100
+++ new/postfix-3.5.10/HISTORY 2021-04-11 16:42:12.000000000 +0200
@@ -24905,3 +24905,24 @@
causing unnecessary dnssec_probe activity. The default is now
"dane" when smtp_tls_security_level is "dane", otherwise it is
"may". File: global/mail_params.h.
+
+20210411
+
+ Missing null pointer checks (introduced: Postfix 3.4) after
+ an internal I/O error during the smtp(8) to tlsproxy(8)
+ handshake. Found by Coverity, reported by Jaroslav Skarvada.
+ Based on fix by Viktor Dukhovni. File: tls/tls_proxy_client_scan.c.
+
+ Null pointer bug (introduced: Postfix 3.0) and memory leak
+ (introduced: Postfix 3.4) after an inline: table syntax
+ error in main.cf or master.cf. Found by Coverity, reported
+ by Jaroslav Skarvada. Based on fix by Viktor Dukhovni. File:
+ util/dict_inline.c.
+
+ Incomplete null pointer check (introduced: Postfix 2.10)
+ after truncated HaProxy version 1 handshake message. Found
+ by Coverity, reported by Jaroslav Skarvada. Fix by Viktor
+ Dukhovni. File: global/haproxy_srvr.c.
+
+ Missing null pointer check (introduced: Postfix alpha) after
+ null argv[0] value. File: global/mail_task.c.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/postfix-3.5.9/src/global/haproxy_srvr.c
new/postfix-3.5.10/src/global/haproxy_srvr.c
--- old/postfix-3.5.9/src/global/haproxy_srvr.c 2020-03-08 15:50:26.000000000
+0100
+++ new/postfix-3.5.10/src/global/haproxy_srvr.c 2021-04-04
01:46:12.000000000 +0200
@@ -201,6 +201,8 @@
if (msg_verbose)
msg_info("haproxy_srvr_parse: proto=%s", STR_OR_NULL(str));
+ if (str == 0)
+ return (-1);
#ifdef AF_INET6
if (strcasecmp(str, "TCP6") == 0) {
if (strchr((char *) proto_info->sa_family_list, AF_INET6) != 0) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/postfix-3.5.9/src/global/mail_task.c
new/postfix-3.5.10/src/global/mail_task.c
--- old/postfix-3.5.9/src/global/mail_task.c 2019-01-29 23:24:42.000000000
+0100
+++ new/postfix-3.5.10/src/global/mail_task.c 2021-04-04 22:18:38.000000000
+0200
@@ -17,8 +17,8 @@
/*
/* The result is overwritten with each call.
/*
-/* A null argv0 argument requests that the current
-/* result is returned.
+/* A null argv0 argument requests that the current result is
+/* returned, or "unknown" when no current result exists.
/* LICENSE
/* .ad
/* .fi
@@ -59,6 +59,8 @@
const char *slash;
const char *tag;
+ if (argv0 == 0 && canon_name == 0)
+ argv0 = "unknown";
if (argv0) {
if (canon_name == 0)
canon_name = vstring_alloc(10);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/postfix-3.5.9/src/global/mail_version.h
new/postfix-3.5.10/src/global/mail_version.h
--- old/postfix-3.5.9/src/global/mail_version.h 2021-01-17 16:23:45.000000000
+0100
+++ new/postfix-3.5.10/src/global/mail_version.h 2021-04-11
15:47:15.000000000 +0200
@@ -20,8 +20,8 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20210117"
-#define MAIL_VERSION_NUMBER "3.5.9"
+#define MAIL_RELEASE_DATE "20210411"
+#define MAIL_VERSION_NUMBER "3.5.10"
#ifdef SNAPSHOT
#define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/postfix-3.5.9/src/tls/tls_proxy_client_scan.c
new/postfix-3.5.10/src/tls/tls_proxy_client_scan.c
--- old/postfix-3.5.9/src/tls/tls_proxy_client_scan.c 2019-02-11
14:32:27.000000000 +0100
+++ new/postfix-3.5.10/src/tls/tls_proxy_client_scan.c 2021-04-03
18:13:35.000000000 +0200
@@ -430,7 +430,8 @@
if (buf)
vstring_free(buf);
if (ret != 1) {
- tls_proxy_client_certs_free(head);
+ if (head)
+ tls_proxy_client_certs_free(head);
head = 0;
}
*(TLS_CERTS **) ptr = head;
@@ -489,7 +490,8 @@
if (buf)
vstring_free(buf);
if (ret != 1) {
- tls_proxy_client_pkeys_free(head);
+ if (head)
+ tls_proxy_client_pkeys_free(head);
head = 0;
}
*(TLS_PKEYS **) ptr = head;
@@ -538,7 +540,8 @@
ret = (ret == 3 ? 1 : -1);
}
if (ret != 1) {
- tls_proxy_client_tlsa_free(head);
+ if (head)
+ tls_proxy_client_tlsa_free(head);
head = 0;
}
*(TLS_TLSA **) ptr = head;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/postfix-3.5.9/src/util/dict_inline.c
new/postfix-3.5.10/src/util/dict_inline.c
--- old/postfix-3.5.9/src/util/dict_inline.c 2018-11-06 01:25:30.000000000
+0100
+++ new/postfix-3.5.10/src/util/dict_inline.c 2021-04-04 01:46:12.000000000
+0200
@@ -113,9 +113,9 @@
dict = dict_open3(DICT_TYPE_HT, name, open_flags, dict_flags);
dict_type_override(dict, DICT_TYPE_INLINE);
while ((nameval = mystrtokq(&cp, CHARS_COMMA_SP, CHARS_BRACE)) != 0) {
- if ((nameval[0] != CHARS_BRACE[0]
- || (err = free_me = extpar(&nameval, CHARS_BRACE,
EXTPAR_FLAG_STRIP)) == 0)
- && (err = split_qnameval(nameval, &vname, &value)) != 0)
+ if (nameval[0] == CHARS_BRACE[0])
+ err = free_me = extpar(&nameval, CHARS_BRACE, EXTPAR_FLAG_STRIP);
+ if (err != 0 || (err = split_qnameval(nameval, &vname, &value)) != 0)
break;
if ((dict->flags & DICT_FLAG_SRC_RHS_IS_FILE) != 0) {
