diff --git a/postfix/HISTORY b/postfix/HISTORY index c59bc0572..5dfd81eda 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -26367,3 +26367,20 @@ Apologies for any names omitted. cleanup server enters the chroot jail. Files: cleanup/cleanup.h, cleanup/cleanup_init.c, cleanup/cleanup_milter.c, cleanup/cleanup_state.c. + +20220407 + + Feature: the policy delegation protocol now sends a + "compatibility_level" attribute with the value of the + compatibility_level configuration parameter. Files: + global/mail_proto.h, smtpd/smtpd_check.c, + proto/SMTPD_POLICY_README.html. + +20220415 + + Cleanup: with dynamic map loading enabled, an attempt to + create a map with "postmap regexp:path" would result in a + bogus error message "Is the postfix-regexp package installed?" + instead of "unsupported map type for this operation". + Implemented a workaround for all map types including regexp + that have no 'bulk create' support. File: global mkmap_open.c. diff --git a/postfix/README_FILES/SMTPD_POLICY_README b/postfix/README_FILES/SMTPD_POLICY_README index 291fa5c87..46bbf165f 100644 --- a/postfix/README_FILES/SMTPD_POLICY_README +++ b/postfix/README_FILES/SMTPD_POLICY_README @@ -85,6 +85,8 @@ a delegated SMTPD access policy request: PPoossttffiixx vveerrssiioonn 33..22 aanndd llaatteerr:: server_address=10.3.2.1 server_port=54321 + PPoossttffiixx vveerrssiioonn 33..88 aanndd llaatteerr:: + compatibility_level=major.minor.patch [empty line] Notes: @@ -164,6 +166,10 @@ Notes: * The "policy_context" attribute provides a way to pass information that is not available via other attributes (Postfix version 3.1 and later). + * The "compatibility_level" attribute corresponds to the compatibility_level + parameter value. It has the form major.minor.patch where minor and patch + may be absent. + The following is specific to SMTPD delegated policy requests: * Protocol names are ESMTP or SMTP. diff --git a/postfix/WISHLIST b/postfix/WISHLIST index 808d5e09d..4dccddda9 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST @@ -6,10 +6,14 @@ Wish list: Disable -DSNAPSHOT and -DNONPROD in makedefs. - Can tests use LD_PRELOAD to inject fake modules such - as fake_dns(3), fake_msg(3), fake_myaddrinfo() and so on? + Scan Postfix code with github.com/googleprojectzero/weggli + (depends on "rust"). + + Can tests use LD_PRELOAD to inject fake modules such as + fake_dns(3), fake_msg(3), fake_myaddrinfo(3) and so on? One limitation is that functions etc. in a preloaded object - always take precedence. + always take precedence, even in code that is not being + tested. '%l' support. ef7c661c-d86a-2366-6a73-ec8d51d75012@dev.snart.me diff --git a/postfix/html/SMTPD_POLICY_README.html b/postfix/html/SMTPD_POLICY_README.html index 3f74fc59f..aaa5218ed 100644 --- a/postfix/html/SMTPD_POLICY_README.html +++ b/postfix/html/SMTPD_POLICY_README.html @@ -116,6 +116,8 @@ policy_context=submission Postfix version 3.2 and later: server_address=10.3.2.1 server_port=54321 +Postfix version 3.8 and later: +compatibility_level=major.minor.patch [empty line] @@ -213,6 +215,11 @@ server_port=54321 information that is not available via other attributes (Postfix version 3.1 and later).

+

  • The "compatibility_level" attribute corresponds to the + compatibility_level parameter value. It has the form + major.minor.patch where minor and + patch may be absent.

    +

    The following is specific to SMTPD delegated policy requests: diff --git a/postfix/proto/SMTPD_POLICY_README.html b/postfix/proto/SMTPD_POLICY_README.html index b8df76eaa..189fb08dd 100644 --- a/postfix/proto/SMTPD_POLICY_README.html +++ b/postfix/proto/SMTPD_POLICY_README.html @@ -116,6 +116,8 @@ policy_context=submission Postfix version 3.2 and later: server_address=10.3.2.1 server_port=54321 +Postfix version 3.8 and later: +compatibility_level=major.minor.patch [empty line] @@ -213,6 +215,11 @@ server_port=54321 information that is not available via other attributes (Postfix version 3.1 and later).

    +

  • The "compatibility_level" attribute corresponds to the + compatibility_level parameter value. It has the form + major.minor.patch where minor and + patch may be absent.

    +

    The following is specific to SMTPD delegated policy requests: diff --git a/postfix/src/global/mail_proto.h b/postfix/src/global/mail_proto.h index b5504638e..c5f59c2d7 100644 --- a/postfix/src/global/mail_proto.h +++ b/postfix/src/global/mail_proto.h @@ -200,6 +200,7 @@ extern char *mail_pathname(const char *, const char *); #define MAIL_ATTR_CRYPTO_PROTOCOL "encryption_protocol" #define MAIL_ATTR_CRYPTO_CIPHER "encryption_cipher" #define MAIL_ATTR_CRYPTO_KEYSIZE "encryption_keysize" +#define MAIL_ATTR_COMPAT_LEVEL "compatibility_level" /* * Suffixes for sender_name, sender_domain etc. diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index a85e79a0c..73534c62a 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20220407" +#define MAIL_RELEASE_DATE "20220415" #define MAIL_VERSION_NUMBER "3.8" #ifdef SNAPSHOT diff --git a/postfix/src/global/mkmap_open.c b/postfix/src/global/mkmap_open.c index 9d15eec30..1fd566015 100644 --- a/postfix/src/global/mkmap_open.c +++ b/postfix/src/global/mkmap_open.c @@ -101,6 +101,39 @@ #include #include + /* + * Workaround for map types that have no 'bulk create' support, for example + * regexp. When dynamic map loading is enabled, an attempt to create a map + * with "postmap regexp:/path" would result in a bogus error message with + * "Is the postfix-regexp package installed?" instead of the expected + * "unsupported map type for this operation: regexp". The workaround is to + * provide explicit definitions for mkmap_open() so that it knows what map + * types exist without a 'bulk create' open function. + * + * The solution is to merge the {maptype, function} tables that are currently + * managed separately by mkmap_open() (for bulk-mode map create operations) + * and by dict_open() (for all other operations). That change would be too + * invasive for a stable release. + */ +#ifdef USE_DYNAMIC_MAPS +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#endif + /* Global library. */ #include "mkmap.h" @@ -137,6 +170,32 @@ static const MKMAP_OPEN_INFO mkmap_open_info[] = { DICT_TYPE_BTREE, mkmap_btree_open, #endif DICT_TYPE_FAIL, mkmap_fail_open, +#ifdef USE_DYNAMIC_MAPS /* Begin workaround */ + DICT_TYPE_ENVIRON, 0, + DICT_TYPE_HT, 0, + DICT_TYPE_UNIX, 0, + DICT_TYPE_TCP, 0, +#ifdef HAS_NIS + DICT_TYPE_NIS, 0, +#endif +#ifdef HAS_NISPLUS + DICT_TYPE_NISPLUS, 0, +#endif +#ifdef HAS_NETINFO + DICT_TYPE_NETINFO, 0, +#endif +#ifdef HAS_POSIX_REGEXP + DICT_TYPE_REGEXP, 0, +#endif + DICT_TYPE_STATIC, 0, + DICT_TYPE_CIDR, 0, + DICT_TYPE_THASH, 0, + DICT_TYPE_SOCKMAP, 0, + DICT_TYPE_PIPE, 0, + DICT_TYPE_RANDOM, 0, + DICT_TYPE_UNION, 0, + DICT_TYPE_INLINE, 0, +#endif /* End workaround */ 0, }; @@ -252,9 +311,10 @@ MKMAP *mkmap_open(const char *type, const char *path, mkmap_open_register(type, open_fn); mp = (MKMAP_OPEN_INFO *) htable_find(mkmap_open_hash, type); } - if (mp == 0) - msg_fatal("unsupported map type for this operation: %s", type); } + if (mp == 0 || mp->before_open == 0) + msg_fatal("unsupported map type for this operation: %s", type); + if (msg_verbose) msg_info("open %s %s", type, path); diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c index a4a6af063..2785ce1fc 100644 --- a/postfix/src/smtpd/smtpd_check.c +++ b/postfix/src/smtpd/smtpd_check.c @@ -4099,6 +4099,8 @@ static int check_policy_service(SMTPD_STATE *state, const char *server, #endif SEND_ATTR_STR(MAIL_ATTR_POL_CONTEXT, policy_clnt->policy_context), + SEND_ATTR_STR(MAIL_ATTR_COMPAT_LEVEL, + var_compatibility_level), ATTR_TYPE_END, ATTR_FLAG_MISSING, /* Reply attributes. */ RECV_ATTR_STR(MAIL_ATTR_ACTION, action),