From 17f9ea2314a4503c07f1035cfd26771f3fcd0a58 Mon Sep 17 00:00:00 2001
From: Wietse Venema
Date: Fri, 7 Oct 2022 00:00:00 -0500
Subject: [PATCH] postfix-3.7.3
---
postfix/HISTORY | 44 ++++++++++++++++++++++++++++
postfix/RELEASE_NOTES | 20 +++++++++++++
postfix/src/cleanup/cleanup_milter.c | 4 +--
postfix/src/global/mail_version.h | 4 +--
postfix/src/global/map_search.c | 1 -
postfix/src/global/verify.c | 2 ++
postfix/src/oqmgr/qmgr_message.c | 12 ++++++--
postfix/src/qmgr/qmgr_message.c | 12 ++++++--
postfix/src/tls/tls_server.c | 1 +
9 files changed, 89 insertions(+), 11 deletions(-)
diff --git a/postfix/HISTORY b/postfix/HISTORY
index d26d9188d..f95aa3be4 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -26354,3 +26354,47 @@ Apologies for any names omitted. Clang instead of GCC. The result was also "uninteresting" on Linux-based systems that use GCC, or on a few older systems that use GCC. + +20220719 + + Cleanup: Postfix 3.5.0 introduced debug logging noise in + map_search_create(). Files: global/map_search.c. + +20220724 + + Workaround: in a TLS server disable Postfix's 1-element + internal session cache, to work around an OpenSSL 3.0 + regression that broke TLS handshakes. It is rarely useful. + Report by Spil Oss, fix by Viktor Dukhovni. File: + tls/tls_server.c. + +20220905 + + Cleanup: Postfix 3.3.0 introduced an uninitialized + verify_append() request status in case of a null original + recipient address. File: global/verify.c. + +20220906 + + Cleanup: Postfix 3.7.1 introduced a missing msg_panic() + argument (in code that never executes). File: + cleanup/cleanup_milter.c. + +20221006 + + Bugfix (introduced: Postfix 3.7.0). A message could falsely + be flagged as corrupt with "warning: Unexpected record type + 'X'". Such messages were moved to the "corrupt" queue directory, + where they may still be found. See below for instructions to + deal with these falsely flagged messages. + + This could happen for messages with 5000 or more recipients, + or with fewer recipients on a busy mail server. Problem + reported by Frank Brendel, reproduced by John Alex. Files: + qmgr/qmgr_message.c, oqmgr/qmgr_message.c. + + A file in the "corrupt" queue directory may be inspected + with the command "postcat /var/spool/postfix/corrupt/. + If delivery of the file is still desired, the file can be + moved back to /var/spool/postfix/incoming after updating + Postfix and executing "postfix reload". diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index 05ce65ac2..167b87b33 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES 
@@ -25,6 +25,26 @@ more recent Eclipse Public License 2.0. Recipients can choose to take the software under the license of their choice. Those who are more comfortable with the IPL can continue with that license. +Bugfix for messages not delivered after "warning: Unexpected record type 'X' +============================================================================ + +Due to a bug introduced in Postfix 3.7.0, a message could falsely +be flagged as corrupt with "warning: Unexpected record type 'X'". + +Such messages were moved to the "corrupt" queue directory, where +they may still be found. See below for instructions to deal with +these falsely flagged messages. + +This could happen for messages with 5000 or more recipients, or +with fewer recipients on a busy mail server. The problem was first +reported by Frank Brendel, reproduced by John Alex. + +A file in the "corrupt" queue directory may be inspected with the +command "postcat /var/spool/postfix/corrupt/. If delivery +of the file is still desired, the file can be moved back to +/var/spool/postfix/incoming after updating Postfix and executing +"postfix reload". + Major changes - configuration ----------------------------- diff --git a/postfix/src/cleanup/cleanup_milter.c b/postfix/src/cleanup/cleanup_milter.c index 8b5c8fd07..11510b559 100644 --- a/postfix/src/cleanup/cleanup_milter.c +++ b/postfix/src/cleanup/cleanup_milter.c @@ -530,7 +530,7 @@ void cleanup_milter_header_checks_init(void) msg_panic("%s: %s is empty", myname, VAR_MILT_HEAD_CHECKS); if (cleanup_milter_hbc_checks) - msg_panic("%s: cleanup_milter_hbc_checks is not null"); + msg_panic("%s: cleanup_milter_hbc_checks is not null", myname); cleanup_milter_hbc_checks = hbc_header_checks_create(VAR_MILT_HEAD_CHECKS, var_milt_head_checks, NO_MIME_HDR_NAME, NO_MIME_HDR_VALUE, 
@@ -538,7 +538,7 @@ void cleanup_milter_header_checks_init(void) &call_backs); if (cleanup_milter_hbc_reply) - msg_panic("%s: cleanup_milter_hbc_reply is not null"); + msg_panic("%s: cleanup_milter_hbc_reply is not null", myname); cleanup_milter_hbc_reply = vstring_alloc(100); } diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 555f2c5fe..cc33bff7e 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20220427" -#define MAIL_VERSION_NUMBER "3.7.2" +#define MAIL_RELEASE_DATE "20221007" +#define MAIL_VERSION_NUMBER "3.7.3" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff --git a/postfix/src/global/map_search.c b/postfix/src/global/map_search.c index 8ba6a5a98..be4b42b33 100644 --- a/postfix/src/global/map_search.c +++ b/postfix/src/global/map_search.c @@ -188,7 +188,6 @@ const MAP_SEARCH *map_search_create(const char *map_spec) MAP_SEARCH_CREATE_RETURN(0); } } - msg_info("split_nameval(\"%s\"", attr_name_val); if ((const_err = split_nameval(attr_name_val, &attr_name, &attr_value)) != 0) { msg_warn("malformed map attribute in '%s': '%s'", diff --git a/postfix/src/global/verify.c b/postfix/src/global/verify.c index cfb564859..2ce091a5d 100644 --- a/postfix/src/global/verify.c +++ b/postfix/src/global/verify.c @@ -108,6 +108,8 @@ int verify_append(const char *queue_id, MSG_STATS *stats, if (recipient->orig_addr[0]) req_stat = verify_clnt_update(recipient->orig_addr, vrfy_stat, my_dsn.reason); + else + req_stat = VRFY_STAT_OK; /* Two verify updates for one verify request! */ if (req_stat == VRFY_STAT_OK && strcmp(recipient->address, recipient->orig_addr) != 0) diff --git a/postfix/src/oqmgr/qmgr_message.c b/postfix/src/oqmgr/qmgr_message.c index 96409ceb7..b885264a2 100644 
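Review bot: The new `else` branch in the verify.c hunk sets `req_stat = VRFY_STAT_OK` without saying why an empty `recipient->orig_addr` counts as success, and `req_stat` is still assigned only inside the if/else, so the read in the following `if (req_stat == VRFY_STAT_OK && ...)` stays defined only while both arms keep assigning it. A short comment on the branch would help, for example `/* No original recipient: nothing to update here, continue with recipient->address below. */`. The declaration of `req_stat` is outside the hunk; if it has no initializer, giving it one there would keep a later edit from reintroducing the uninitialized read. verify_append() starts before and continues after the hunk.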
--- a/postfix/src/oqmgr/qmgr_message.c +++ b/postfix/src/oqmgr/qmgr_message.c @@ -465,9 +465,15 @@ static int qmgr_message_read(QMGR_MESSAGE *message) message->rflags |= QMGR_READ_FLAG_SEEN_ALL_NON_RCPT; break; } - /* Examine non-recipient records in extracted segment. */ - if (vstream_fseek(message->fp, message->data_offset - + message->data_size, SEEK_SET) < 0) + + /* + * Examine non-recipient records in the extracted + * segment. Note that this skips to the message start + * record, because the handler for that record changes + * the expectations for allowed record types. + */ + if (vstream_fseek(message->fp, message->data_offset, + SEEK_SET) < 0) msg_fatal("seek file %s: %m", VSTREAM_PATH(message->fp)); continue; } diff --git a/postfix/src/qmgr/qmgr_message.c b/postfix/src/qmgr/qmgr_message.c index 8b5631d41..79143f3d3 100644 --- a/postfix/src/qmgr/qmgr_message.c +++ b/postfix/src/qmgr/qmgr_message.c @@ -505,9 +505,15 @@ static int qmgr_message_read(QMGR_MESSAGE *message) message->rflags |= QMGR_READ_FLAG_SEEN_ALL_NON_RCPT; break; } - /* Examine non-recipient records in extracted segment. */ - if (vstream_fseek(message->fp, message->data_offset - + message->data_size, SEEK_SET) < 0) + + /* + * Examine non-recipient records in the extracted + * segment. Note that this skips to the message start + * record, because the handler for that record changes + * the expectations for allowed record types. + */ + if (vstream_fseek(message->fp, message->data_offset, + SEEK_SET) < 0) msg_fatal("seek file %s: %m", VSTREAM_PATH(message->fp)); continue; } diff --git a/postfix/src/tls/tls_server.c b/postfix/src/tls/tls_server.c index 9cfa34a80..4574e0058 100644 --- a/postfix/src/tls/tls_server.c +++ b/postfix/src/tls/tls_server.c 
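Review bot: The rewritten comment above `vstream_fseek(message->fp, message->data_offset, SEEK_SET)` in oqmgr/qmgr_message.c explains why the seek now targets the message start record, but not how the reader then gets past the message content to the extracted segment that its first sentence still refers to. Presumably the message start handler skips the content itself; that handler is outside the hunk, so this should be confirmed and then stated, e.g. `* The message start handler is expected to skip the content and continue at the extracted segment.`. It would also be worth confirming that `message->data_offset` always holds a nonzero, validated value before this branch is reached, since the only check visible here is the seek's return value. The identical hunk in qmgr/qmgr_message.c needs the same comment; qmgr_message_read() extends beyond both hunks.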
@@ -751,6 +751,7 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props) sizeof(server_session_id_context)); SSL_CTX_set_session_cache_mode(server_ctx, SSL_SESS_CACHE_SERVER | + SSL_SESS_CACHE_NO_INTERNAL | SSL_SESS_CACHE_NO_AUTO_CLEAR); if (cachable) { app_ctx->cache_type = mystrdup(props->cache_type);
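Review bot: The added `SSL_SESS_CACHE_NO_INTERNAL` flag in the `SSL_CTX_set_session_cache_mode()` call has no comment in tls_server.c, so the reason for it (per the HISTORY entry in this patch, a workaround for an OpenSSL 3.0 regression that broke TLS handshakes) is recorded only in the changelog. I would add a comment above the call such as `/* Workaround for an OpenSSL 3.0 regression: disable the 1-element internal session cache; see HISTORY 20220724. */`, and state there that the flag is set for every OpenSSL version on purpose. With the internal cache off, session-ID resumption presumably depends entirely on the external cache configured under `if (cachable)`, whose body continues outside the hunk; the comment could note that as well.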