Prereq: "3.5.7" diff -ur --new-file /var/tmp/postfix-3.5.7/src/global/mail_version.h ./src/global/mail_version.h --- /var/tmp/postfix-3.5.7/src/global/mail_version.h 2020-08-30 09:53:35.000000000 -0400 +++ ./src/global/mail_version.h 2020-11-07 16:27:54.000000000 -0500 @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20200830" -#define MAIL_VERSION_NUMBER "3.5.7" +#define MAIL_RELEASE_DATE "20201107" +#define MAIL_VERSION_NUMBER "3.5.8" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -ur --new-file /var/tmp/postfix-3.5.7/HISTORY ./HISTORY --- /var/tmp/postfix-3.5.7/HISTORY 2020-08-30 10:15:56.000000000 -0400 +++ ./HISTORY 2020-11-04 18:11:27.000000000 -0500 @@ -24834,3 +24834,51 @@ Cleanup: the posttls-finger '-X' option reported a false conflict with '-r'. File: posttls-finger/posttls-finger.c. + +20200830 + + Bugfix (introduced: Postfix 2.0): smtp_sasl_mechanism_filter + ignored table lookup errors, treating them as 'not found'. + Found during Postfix 3.6 development. File: smtp/smtp_sasl_proto.c. + +202000920 + + Bugfix (introduced: Postfix 2.3): when deleting a recipient + with a milter, delete the recipient from the duplicate + filter, so that the recipient can be added back. Backported + from Postfix 3.6. Files: global/been_here.[hc], + cleanup/cleanup_milter.c. + +20200925 + + Bugfix (introduced: before Postfix alpha): the code that + looks for Delivered-To: headers ignored headers longer than + $line_length_limit. Backported from Postfix 3.6. File: + global/delivered_hdr.c. + +20201011 + + Bugfix (introduced: Postfix 2.8): save a copy of the + postscreen_dnsbl_reply_map lookup result. This has no effect + when the recommended texthash: look table is used, but it + may avoid stale data with other lookup tables. File: + postscreen/postscreen_dnsbl.c. + +20201022 + + Bugfix (introduced: Postfix 2.2): after processing an + XCCLIENT command, the smtps service was waiting for a TLS + handshake. Found by Aki Tuomi. File: smtpd/smtpd.c. + +20201025 + + Bugfix (introduced: Postfix 2.3): static maps did not free + their casefolding buffer. File: util/dict_static.c. + +20201104 + + Bugfix (introduced: Postfix 3.5): the Postfix SMTP client + broke message headers longer than $line_length_limit, causing + subsequent header content to become message body content. + Reported by Andreas Weigel, fix by Viktor Dukhovni. File: + smtp/smtp_proto.c. diff -ur --new-file /var/tmp/postfix-3.5.7/src/cleanup/cleanup_milter.c ./src/cleanup/cleanup_milter.c --- /var/tmp/postfix-3.5.7/src/cleanup/cleanup_milter.c 2020-03-08 11:42:19.000000000 -0400 +++ ./src/cleanup/cleanup_milter.c 2020-11-04 16:06:12.000000000 -0500 @@ -1803,6 +1803,10 @@ } count++; } + if (var_enable_orcpt) + been_here_drop(state->dups, "%s\n%d\n%s\n%s", + dsn_orcpt ? dsn_orcpt : "", dsn_notify, + orig_rcpt ? orig_rcpt : "", STR(int_rcpt_buf)); /* FALLTHROUGH */ case REC_TYPE_DRCP: /* canceled recipient */ case REC_TYPE_DONE: /* can't happen */ @@ -1818,6 +1822,8 @@ break; } } + if (var_enable_orcpt == 0 && count > 0) + been_here_drop_fixed(state->dups, STR(int_rcpt_buf)); if (msg_verbose) msg_info("%s: deleted %d records for recipient \"%s\"", diff -ur --new-file /var/tmp/postfix-3.5.7/src/global/been_here.c ./src/global/been_here.c --- /var/tmp/postfix-3.5.7/src/global/been_here.c 2019-02-09 18:26:28.000000000 -0500 +++ ./src/global/been_here.c 2020-11-04 16:06:12.000000000 -0500 @@ -26,6 +26,14 @@ /* BH_TABLE *dup_filter; /* char *format; /* +/* int been_here_drop_fixed(dup_filter, string) +/* BH_TABLE *dup_filter; +/* char *string; +/* +/* int been_here_drop(dup_filter, format, ...) +/* BH_TABLE *dup_filter; +/* char *format; +/* /* void been_here_free(dup_filter) /* BH_TABLE *dup_filter; /* DESCRIPTION @@ -46,6 +54,16 @@ /* been_here_check_fixed() and been_here_check() are similar /* but do not update the duplicate filter. /* +/* been_here_drop_fixed() looks up a fixed string in the given +/* table, and deletes the entry if the string was found. The +/* result is non-zero (true) if the string was found, zero +/* (false) otherwise. +/* +/* been_here_drop() formats its arguments, looks up the result +/* in the given table, and removes the entry if the formatted +/* result was found. The result is non-zero (true) if the +/* formatted result was found, zero (false) otherwise. +/* /* been_here_free() releases storage for a duplicate filter. /* /* Arguments: @@ -249,3 +267,64 @@ return (status); } + +/* been_here_drop - remove filter entry with finer control */ + +int been_here_drop(BH_TABLE *dup_filter, const char *fmt,...) +{ + VSTRING *buf = vstring_alloc(100); + int status; + va_list ap; + + /* + * Construct the string to be dropped. + */ + va_start(ap, fmt); + vstring_vsprintf(buf, fmt, ap); + va_end(ap); + + /* + * Drop the filter entry. + */ + status = been_here_drop_fixed(dup_filter, vstring_str(buf)); + + /* + * Cleanup. + */ + vstring_free(buf); + return (status); +} + +/* been_here_drop_fixed - remove filter entry */ + +int been_here_drop_fixed(BH_TABLE *dup_filter, const char *string) +{ + VSTRING *folded_string; + const char *lookup_key; + int status; + + /* + * Special processing: case insensitive lookup. + */ + if (dup_filter->flags & BH_FLAG_FOLD) { + folded_string = vstring_alloc(100); + lookup_key = casefold(folded_string, string); + } else { + folded_string = 0; + lookup_key = string; + } + + /* + * Drop the filter entry. + */ + if ((status = been_here_check_fixed(dup_filter, lookup_key)) != 0) + htable_delete(dup_filter->table, lookup_key, (void (*) (void *)) 0); + + /* + * Cleanup. + */ + if (folded_string) + vstring_free(folded_string); + + return (status); +} diff -ur --new-file /var/tmp/postfix-3.5.7/src/global/been_here.h ./src/global/been_here.h --- /var/tmp/postfix-3.5.7/src/global/been_here.h 2019-02-09 18:26:58.000000000 -0500 +++ ./src/global/been_here.h 2020-11-04 16:06:12.000000000 -0500 @@ -35,6 +35,8 @@ extern int PRINTFLIKE(2, 3) been_here(BH_TABLE *, const char *,...); extern int been_here_check_fixed(BH_TABLE *, const char *); extern int PRINTFLIKE(2, 3) been_here_check(BH_TABLE *, const char *,...); +extern int been_here_drop_fixed(BH_TABLE *, const char *); +extern int PRINTFLIKE(2, 3) been_here_drop(BH_TABLE *, const char *,...); /* LICENSE /* .ad diff -ur --new-file /var/tmp/postfix-3.5.7/src/global/delivered_hdr.c ./src/global/delivered_hdr.c --- /var/tmp/postfix-3.5.7/src/global/delivered_hdr.c 2015-01-27 10:22:33.000000000 -0500 +++ ./src/global/delivered_hdr.c 2020-11-04 16:10:00.000000000 -0500 @@ -115,6 +115,8 @@ char *cp; DELIVERED_HDR_INFO *info; const HEADER_OPTS *hdr; + int curr_type; + int prev_type; /* * Sanity check. @@ -130,15 +132,20 @@ /* * XXX Assume that mail_copy() produces delivered-to headers that fit in - * a REC_TYPE_NORM record. Lowercase the delivered-to addresses for - * consistency. + * a REC_TYPE_NORM or REC_TYPE_CONT record. Lowercase the delivered-to + * addresses for consistency. * * XXX Don't get bogged down by gazillions of delivered-to headers. */ #define DELIVERED_HDR_LIMIT 1000 - while (rec_get(fp, info->buf, 0) == REC_TYPE_NORM - && info->table->used < DELIVERED_HDR_LIMIT) { + for (prev_type = REC_TYPE_NORM; + info->table->used < DELIVERED_HDR_LIMIT + && ((curr_type = rec_get(fp, info->buf, 0)) == REC_TYPE_NORM + || curr_type == REC_TYPE_CONT); + prev_type = curr_type) { + if (prev_type != REC_TYPE_NORM) + continue; if (is_header(STR(info->buf))) { if ((hdr = header_opts_find(STR(info->buf))) != 0 && hdr->type == HDR_DELIVERED_TO) { diff -ur --new-file /var/tmp/postfix-3.5.7/src/postscreen/postscreen_dnsbl.c ./src/postscreen/postscreen_dnsbl.c --- /var/tmp/postfix-3.5.7/src/postscreen/postscreen_dnsbl.c 2017-02-18 20:58:20.000000000 -0500 +++ ./src/postscreen/postscreen_dnsbl.c 2020-11-04 16:16:47.000000000 -0500 @@ -231,6 +231,7 @@ int weight; HTABLE_INFO *ht; char *parse_err; + const char *safe_dnsbl; /* * Parse the required DNSBL domain name, the optional reply filter and @@ -271,8 +272,9 @@ ht = htable_enter(dnsbl_site_cache, saved_site, (void *) head); /* Translate the DNSBL name into a safe name if available. */ if (psc_dnsbl_reply == 0 - || (head->safe_dnsbl = dict_get(psc_dnsbl_reply, saved_site)) == 0) - head->safe_dnsbl = ht->key; + || (safe_dnsbl = dict_get(psc_dnsbl_reply, saved_site)) == 0) + safe_dnsbl = ht->key; + head->safe_dnsbl = mystrdup(safe_dnsbl); if (psc_dnsbl_reply && psc_dnsbl_reply->error) msg_fatal("%s:%s lookup error", psc_dnsbl_reply->type, psc_dnsbl_reply->name); diff -ur --new-file /var/tmp/postfix-3.5.7/src/smtp/smtp_proto.c ./src/smtp/smtp_proto.c --- /var/tmp/postfix-3.5.7/src/smtp/smtp_proto.c 2019-06-13 17:08:33.000000000 -0400 +++ ./src/smtp/smtp_proto.c 2020-11-04 16:26:11.000000000 -0500 @@ -1389,17 +1389,17 @@ /* smtp_out_raw_or_mime - output buffer, raw output or MIME-aware */ -static int smtp_out_raw_or_mime(SMTP_STATE *state, VSTRING *buf) +static int smtp_out_raw_or_mime(SMTP_STATE *state, int rec_type, VSTRING *buf) { SMTP_SESSION *session = state->session; int mime_errs; if (session->mime_state == 0) { - smtp_text_out((void *) state, REC_TYPE_NORM, vstring_str(buf), + smtp_text_out((void *) state, rec_type, vstring_str(buf), VSTRING_LEN(buf), (off_t) 0); } else { mime_errs = - mime_state_update(session->mime_state, REC_TYPE_NORM, + mime_state_update(session->mime_state, rec_type, vstring_str(buf), VSTRING_LEN(buf)); if (mime_errs) { smtp_mime_fail(state, mime_errs); @@ -1423,7 +1423,7 @@ vstring_str(session->scratch2), QUOTE_FLAG_DEFAULT | QUOTE_FLAG_APPEND); vstring_strcat(session->scratch, gt); - return (smtp_out_raw_or_mime(state, session->scratch)); + return (smtp_out_raw_or_mime(state, REC_TYPE_NORM, session->scratch)); } /* smtp_out_add_headers - output additional headers, uses session->scratch* */ @@ -2307,7 +2307,8 @@ while ((rec_type = rec_get(state->src, session->scratch, 0)) > 0) { if (rec_type != REC_TYPE_NORM && rec_type != REC_TYPE_CONT) break; - if (smtp_out_raw_or_mime(state, session->scratch) < 0) + if (smtp_out_raw_or_mime(state, rec_type, + session->scratch) < 0) RETURN(0); prev_type = rec_type; } diff -ur --new-file /var/tmp/postfix-3.5.7/src/smtp/smtp_sasl_proto.c ./src/smtp/smtp_sasl_proto.c --- /var/tmp/postfix-3.5.7/src/smtp/smtp_sasl_proto.c 2014-12-12 14:33:27.000000000 -0500 +++ ./src/smtp/smtp_sasl_proto.c 2020-11-04 18:33:50.000000000 -0500 @@ -102,6 +102,8 @@ if (VSTRING_LEN(buf) > 0) VSTRING_ADDCH(buf, ' '); vstring_strcat(buf, mech); + } else if (smtp_sasl_mechs->error) { + msg_fatal("SASL mechanism filter failed for: '%s'", mech); } } myfree(save_mech); diff -ur --new-file /var/tmp/postfix-3.5.7/src/smtpd/smtpd.c ./src/smtpd/smtpd.c --- /var/tmp/postfix-3.5.7/src/smtpd/smtpd.c 2020-03-12 11:15:34.000000000 -0400 +++ ./src/smtpd/smtpd.c 2020-11-04 16:20:42.000000000 -0500 @@ -5458,7 +5458,8 @@ * obsolete, so we don't have to provide perfect support. */ #ifdef USE_TLS - if (SMTPD_STAND_ALONE(state) == 0 && var_smtpd_tls_wrappermode) { + if (SMTPD_STAND_ALONE(state) == 0 && var_smtpd_tls_wrappermode + && state->tls_context == 0) { #ifdef USE_TLSPROXY /* We garbage-collect the VSTREAM in smtpd_state_reset() */ state->tlsproxy = diff -ur --new-file /var/tmp/postfix-3.5.7/src/util/dict_static.c ./src/util/dict_static.c --- /var/tmp/postfix-3.5.7/src/util/dict_static.c 2018-11-05 19:25:30.000000000 -0500 +++ ./src/util/dict_static.c 2020-11-04 16:37:34.000000000 -0500 @@ -73,6 +73,8 @@ if (dict_static->value) myfree(dict_static->value); + if (dict->fold_buf) + vstring_free(dict->fold_buf); dict_free(dict); }