postfix-3.9-20231030

2025-08-22 09:57:34 +00:00 · 2023-10-30 00:00:00 -05:00 · 2023-10-30 00:00:00 -05:00 · 702c621b1e
commit 702c621b1e
parent d31cde7580
8 changed files with 35 additions and 6 deletions
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@ -27403,7 +27403,7 @@ Apologies for any names omitted.

 20230929

-	Bugfix (bug introduced Postfix 2.5, 20080104): the Postfix
+	Bugfix (defect introduced Postfix 2.5, 20080104): the Postfix
 	SMTP server was waiting for a client command instead of
 	replying immediately, after a client certificate verification
 	error in TLS wrappermode. Reported by Andreas Kinzler. File:
@ -27501,3 +27501,22 @@ Apologies for any names omitted.

 	Cleanup: emit place holder text when no SASL authentication
 	failure reason is available. File: smtpd/smtpd_sasl_glue.c.
+
+20231026
+
+	Bugfix (defect introduced: Postfix 2.11): in forward_path,
+	the expression ${recipient_delimiter} would expand to an
+	empty string when a recipient address had no recipient
+	delimiter. Fixed by restoring Postfix 2.10 behavior to use
+	a configured recipient delimiter value. Reported by Tod
+	A. Sandman. Files: proto/postconf.proto, local/local_expand.c.
+
+20231027
+
+	Cleanup: missing 'smtpd_tls_enable_rpk' parameter definition
+	in test driver. File: smtpd/smtpd_check.c.
+
+20231030
+
+	Cleanup: explicit %.100s limits for client-controlled strings
+	in SASL error logging. File: smtpd/smtpd_sasl_glue.c.
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@ -3797,7 +3797,9 @@ filtered with the character set that is specified with the
 <dt><b>$<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a></b></dt>

 <dd>The address extension delimiter that was found in the recipient
-address (Postfix 2.11 and later), or the system-wide recipient
+address (Postfix 2.11 and later), or the 'first' delimiter specified
+with the system-wide recipient address extension delimiter (Postfix
+3.5.22, 3.5.12, 3.7.8, 3.8.3 and later), or the system-wide recipient
 address extension delimiter (Postfix 2.10 and earlier). </dd>

 <dt><b>${name?value}</b></dt>
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@ -2415,7 +2415,9 @@ The entire recipient localpart.
 .br
 .IP "\fB$recipient_delimiter\fR"
 The address extension delimiter that was found in the recipient
-address (Postfix 2.11 and later), or the system\-wide recipient
+address (Postfix 2.11 and later), or the 'first' delimiter specified
+with the system\-wide recipient address extension delimiter (Postfix
+3.5.22, 3.5.12, 3.7.8, 3.8.3 and later), or the system\-wide recipient
 address extension delimiter (Postfix 2.10 and earlier).
 .br
 .IP "\fB${name?value}\fR"
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@ -1781,7 +1781,9 @@ forward_expansion_filter parameter.  </p>
 <dt><b>$recipient_delimiter</b></dt>

 <dd>The address extension delimiter that was found in the recipient
-address (Postfix 2.11 and later), or the system-wide recipient
+address (Postfix 2.11 and later), or the 'first' delimiter specified
+with the system-wide recipient address extension delimiter (Postfix
+3.5.22, 3.5.12, 3.7.8, 3.8.3 and later), or the system-wide recipient
 address extension delimiter (Postfix 2.10 and earlier). </dd>

 <dt><b>${name?value}</b></dt>
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@ -20,7 +20,7 @@
  * Patches change both the patchlevel and the release date. Snapshots have no
  * patchlevel; they change the release date only.
  */
-#define MAIL_RELEASE_DATE	"20231024"
+#define MAIL_RELEASE_DATE	"20231030"
 #define MAIL_VERSION_NUMBER	"3.9"

 #ifdef SNAPSHOT
--- a/postfix/src/local/local_expand.c
+++ b/postfix/src/local/local_expand.c
@ -138,6 +138,8 @@ static const char *local_expand_lookup(const char *name, int mode, void *ptr)
    } else if (STREQ(name, "recipient_delimiter")) {
 	rcpt_delim[0] =
 	    local->state->msg_attr.local[strlen(local->state->msg_attr.user)];
+	if (rcpt_delim[0] == 0)
+	    rcpt_delim[0] = var_rcpt_delim[0];
 	rcpt_delim[1] = 0;
 	return (rcpt_delim[0] ? rcpt_delim : 0);
 #if 0
--- a/postfix/src/smtpd/smtpd_check.c
+++ b/postfix/src/smtpd/smtpd_check.c
@ -5851,6 +5851,7 @@ char   *var_smtpd_dns_re_filter;
 bool    var_smtpd_tls_ask_ccert;
 int     var_smtpd_cipv4_prefix;
 int     var_smtpd_cipv6_prefix;
+bool	var_smtpd_tls_enable_rpk;

 #define int_table test_int_table

@ -5888,6 +5889,7 @@ static const INT_TABLE int_table[] = {
    VAR_SMTPD_TLS_ACERT, DEF_SMTPD_TLS_ACERT, &var_smtpd_tls_ask_ccert,
    VAR_SMTPD_CIPV4_PREFIX, DEF_SMTPD_CIPV4_PREFIX, &var_smtpd_cipv4_prefix,
    VAR_SMTPD_CIPV6_PREFIX, DEF_SMTPD_CIPV6_PREFIX, &var_smtpd_cipv6_prefix,
+    VAR_SMTPD_TLS_ENABLE_RPK, DEF_SMTPD_TLS_ENABLE_RPK, &var_smtpd_tls_enable_rpk,
    0,
 };

--- a/postfix/src/smtpd/smtpd_sasl_glue.c
+++ b/postfix/src/smtpd/smtpd_sasl_glue.c
@ -345,7 +345,7 @@ int     smtpd_sasl_authenticate(SMTPD_STATE *state,
    }
    if (status != XSASL_AUTH_DONE) {
 	sasl_username = xsasl_server_get_username(state->sasl_server);
-	msg_warn("%s: SASL %s authentication failed: %s, sasl_username=%s",
+	msg_warn("%s: SASL %.100s authentication failed: %s, sasl_username=%.100s",
 		 state->namaddr, sasl_method, *STR(state->sasl_reply) ?
 		 STR(state->sasl_reply) : "(reason unavailable)",
 		 sasl_username ? sasl_username : "(unavailable)");