postfix-3.7.3

2025-08-30 05:38:06 +00:00 · 2022-10-07 00:00:00 -05:00 · 2022-10-07 00:00:00 -05:00 · 17f9ea2314
commit 17f9ea2314
parent d776c5c039
9 changed files with 89 additions and 11 deletions
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@ -26354,3 +26354,47 @@ Apologies for any names omitted.
 	Clang instead of GCC. The result was also "uninteresting"
 	on Linux-based systems that use GCC, or on a few older
 	systems that use GCC.
+
+20220719
+
+	Cleanup: Postfix 3.5.0 introduced debug logging noise in
+	map_search_create(). Files: global/map_search.c.
+
+20220724
+
+	Workaround: in a TLS server disable Postfix's 1-element
+	internal session cache, to work around an OpenSSL 3.0
+	regression that broke TLS handshakes. It is rarely useful.
+	Report by Spil Oss, fix by Viktor Dukhovni. File:
+	tls/tls_server.c.
+
+20220905
+
+	Cleanup: Postfix 3.3.0 introduced an uninitialized
+	verify_append() request status in case of a null original
+	recipient address.  File: global/verify.c.
+
+20220906
+
+	Cleanup: Postfix 3.7.1 introduced a missing msg_panic()
+	argument (in code that never executes). File:
+	cleanup/cleanup_milter.c.
+
+20221006
+
+	Bugfix (introduced: Postfix 3.7.0). A message could falsely
+	be flagged as corrupt with "warning: Unexpected record type
+	'X'". Such messages were moved to the "corrupt" queue directory,
+	where they may still be found. See below for instructions to
+	deal with these falsely flagged messages.
+
+	This could happen for messages with 5000 or more recipients,
+	or with fewer recipients on a busy mail server. Problem
+	reported by Frank Brendel, reproduced by John Alex. Files:
+	qmgr/qmgr_message.c, oqmgr/qmgr_message.c.
+
+	A file in the "corrupt" queue directory may be inspected
+	with the command "postcat /var/spool/postfix/corrupt/<filename>.
+	If delivery of the file is still desired, the file can be
+	moved back to /var/spool/postfix/incoming after updating
+	Postfix and executing "postfix reload".
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@ -25,6 +25,26 @@ more recent Eclipse Public License 2.0. Recipients can choose to take
 the software under the license of their choice. Those who are more
 comfortable with the IPL can continue with that license.

+Bugfix for messages not delivered after "warning: Unexpected record type 'X'
+============================================================================
+
+Due to a bug introduced in Postfix 3.7.0, a message could falsely
+be flagged as corrupt with "warning: Unexpected record type 'X'".
+
+Such messages were moved to the "corrupt" queue directory, where
+they may still be found. See below for instructions to deal with
+these falsely flagged messages.
+
+This could happen for messages with 5000 or more recipients, or
+with fewer recipients on a busy mail server. The problem was first
+reported by Frank Brendel, reproduced by John Alex.
+
+A file in the "corrupt" queue directory may be inspected with the
+command "postcat /var/spool/postfix/corrupt/<filename>. If delivery
+of the file is still desired, the file can be moved back to
+/var/spool/postfix/incoming after updating Postfix and executing
+"postfix reload".
+
 Major changes - configuration
 -----------------------------

--- a/postfix/src/cleanup/cleanup_milter.c
+++ b/postfix/src/cleanup/cleanup_milter.c
@ -530,7 +530,7 @@ void    cleanup_milter_header_checks_init(void)
 	msg_panic("%s: %s is empty", myname, VAR_MILT_HEAD_CHECKS);

    if (cleanup_milter_hbc_checks)
-	msg_panic("%s: cleanup_milter_hbc_checks is not null");
+	msg_panic("%s: cleanup_milter_hbc_checks is not null", myname);
    cleanup_milter_hbc_checks =
 	hbc_header_checks_create(VAR_MILT_HEAD_CHECKS, var_milt_head_checks,
 				 NO_MIME_HDR_NAME, NO_MIME_HDR_VALUE,
@ -538,7 +538,7 @@ void    cleanup_milter_header_checks_init(void)
 				 &call_backs);

    if (cleanup_milter_hbc_reply)
-	msg_panic("%s: cleanup_milter_hbc_reply is not null");
+	msg_panic("%s: cleanup_milter_hbc_reply is not null", myname);
    cleanup_milter_hbc_reply = vstring_alloc(100);
 }

--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@ -20,8 +20,8 @@
  * Patches change both the patchlevel and the release date. Snapshots have no
  * patchlevel; they change the release date only.
  */
-#define MAIL_RELEASE_DATE	"20220427"
-#define MAIL_VERSION_NUMBER	"3.7.2"
+#define MAIL_RELEASE_DATE	"20221007"
+#define MAIL_VERSION_NUMBER	"3.7.3"

 #ifdef SNAPSHOT
 #define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
--- a/postfix/src/global/map_search.c
+++ b/postfix/src/global/map_search.c
@ -188,7 +188,6 @@ const MAP_SEARCH *map_search_create(const char *map_spec)
 		    MAP_SEARCH_CREATE_RETURN(0);
 		}
 	    }
-	    msg_info("split_nameval(\"%s\"", attr_name_val);
 	    if ((const_err = split_nameval(attr_name_val, &attr_name,
 					   &attr_value)) != 0) {
 		msg_warn("malformed map attribute in '%s': '%s'",
--- a/postfix/src/global/verify.c
+++ b/postfix/src/global/verify.c
@ -108,6 +108,8 @@ int     verify_append(const char *queue_id, MSG_STATS *stats,
 	if (recipient->orig_addr[0])
 	    req_stat = verify_clnt_update(recipient->orig_addr, vrfy_stat,
 					  my_dsn.reason);
+	else
+	    req_stat = VRFY_STAT_OK;
 	/* Two verify updates for one verify request! */
 	if (req_stat == VRFY_STAT_OK
 	    && strcmp(recipient->address, recipient->orig_addr) != 0)
--- a/postfix/src/oqmgr/qmgr_message.c
+++ b/postfix/src/oqmgr/qmgr_message.c
@ -465,9 +465,15 @@ static int qmgr_message_read(QMGR_MESSAGE *message)
 			message->rflags |= QMGR_READ_FLAG_SEEN_ALL_NON_RCPT;
 			break;
 		    }
-		    /* Examine non-recipient records in extracted segment. */
-		    if (vstream_fseek(message->fp, message->data_offset
-				      + message->data_size, SEEK_SET) < 0)
+
+		    /*
+		     * Examine non-recipient records in the extracted
+		     * segment. Note that this skips to the message start
+		     * record, because the handler for that record changes
+		     * the expectations for allowed record types.
+		     */
+		    if (vstream_fseek(message->fp, message->data_offset,
+				      SEEK_SET) < 0)
 			msg_fatal("seek file %s: %m", VSTREAM_PATH(message->fp));
 		    continue;
 		}
--- a/postfix/src/qmgr/qmgr_message.c
+++ b/postfix/src/qmgr/qmgr_message.c
@ -505,9 +505,15 @@ static int qmgr_message_read(QMGR_MESSAGE *message)
 			message->rflags |= QMGR_READ_FLAG_SEEN_ALL_NON_RCPT;
 			break;
 		    }
-		    /* Examine non-recipient records in extracted segment. */
-		    if (vstream_fseek(message->fp, message->data_offset
-				      + message->data_size, SEEK_SET) < 0)
+
+		    /*
+		     * Examine non-recipient records in the extracted
+		     * segment. Note that this skips to the message start
+		     * record, because the handler for that record changes
+		     * the expectations for allowed record types.
+		     */
+		    if (vstream_fseek(message->fp, message->data_offset,
+				      SEEK_SET) < 0)
 			msg_fatal("seek file %s: %m", VSTREAM_PATH(message->fp));
 		    continue;
 		}
--- a/postfix/src/tls/tls_server.c
+++ b/postfix/src/tls/tls_server.c
@ -751,6 +751,7 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props)
 				       sizeof(server_session_id_context));
 	SSL_CTX_set_session_cache_mode(server_ctx,
 				       SSL_SESS_CACHE_SERVER |
+				       SSL_SESS_CACHE_NO_INTERNAL |
 				       SSL_SESS_CACHE_NO_AUTO_CLEAR);
 	if (cachable) {
 	    app_ctx->cache_type = mystrdup(props->cache_type);