From 87cbd5c87aaa28a85d9c23de93c5066f3823b4b7 Mon Sep 17 00:00:00 2001
From: Wietse Venema <wietse@porcupine.org>
Date: Fri, 15 Apr 2022 00:00:00 -0500
Subject: [PATCH] postfix-3.8-20220415

---
 postfix/HISTORY                          | 17 +++++++
 postfix/README_FILES/SMTPD_POLICY_README |  6 +++
 postfix/WISHLIST                         | 10 ++--
 postfix/html/SMTPD_POLICY_README.html    |  7 +++
 postfix/proto/SMTPD_POLICY_README.html   |  7 +++
 postfix/src/global/mail_proto.h          |  1 +
 postfix/src/global/mail_version.h        |  2 +-
 postfix/src/global/mkmap_open.c          | 64 +++++++++++++++++++++++-
 postfix/src/smtpd/smtpd_check.c          |  2 +
 9 files changed, 110 insertions(+), 6 deletions(-)

diff --git a/postfix/HISTORY b/postfix/HISTORY
index c59bc0572..5dfd81eda 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -26367,3 +26367,20 @@ Apologies for any names omitted.
 	cleanup server enters the chroot jail. Files: cleanup/cleanup.h,
 	cleanup/cleanup_init.c, cleanup/cleanup_milter.c,
 	cleanup/cleanup_state.c.
+
+20220407
+
+	Feature: the policy delegation protocol now sends a
+	"compatibility_level" attribute with the value of the
+	compatibility_level configuration parameter. Files:
+	global/mail_proto.h, smtpd/smtpd_check.c,
+	proto/SMTPD_POLICY_README.html.
+
+20220415
+
+	Cleanup: with dynamic map loading enabled, an attempt to
+	create a map with "postmap regexp:path" would result in a
+	bogus error message "Is the postfix-regexp package installed?"
+	instead of "unsupported map type for this operation".
+	Implemented a workaround for all map types including regexp
+	that have no 'bulk create' support. File: global mkmap_open.c.
diff --git a/postfix/README_FILES/SMTPD_POLICY_README b/postfix/README_FILES/SMTPD_POLICY_README
index 291fa5c87..46bbf165f 100644
--- a/postfix/README_FILES/SMTPD_POLICY_README
+++ b/postfix/README_FILES/SMTPD_POLICY_README
@@ -85,6 +85,8 @@ a delegated SMTPD access policy request:
     PPoossttffiixx vveerrssiioonn 33..22 aanndd llaatteerr::
     server_address=10.3.2.1
     server_port=54321
+    PPoossttffiixx vveerrssiioonn 33..88 aanndd llaatteerr::
+    compatibility_level=major.minor.patch
     [empty line]
 
 Notes:
@@ -164,6 +166,10 @@ Notes:
   * The "policy_context" attribute provides a way to pass information that is
     not available via other attributes (Postfix version 3.1 and later).
 
+  * The "compatibility_level" attribute corresponds to the compatibility_level
+    parameter value. It has the form major.minor.patch where minor and patch
+    may be absent.
+
 The following is specific to SMTPD delegated policy requests:
 
   * Protocol names are ESMTP or SMTP.
diff --git a/postfix/WISHLIST b/postfix/WISHLIST
index 808d5e09d..4dccddda9 100644
--- a/postfix/WISHLIST
+++ b/postfix/WISHLIST
@@ -6,10 +6,14 @@ Wish list:
 
 	Disable -DSNAPSHOT and -DNONPROD in makedefs.
 
-	Can tests use LD_PRELOAD to inject fake modules such
-	as fake_dns(3), fake_msg(3), fake_myaddrinfo() and so on?
+	Scan Postfix code with github.com/googleprojectzero/weggli
+	(depends on "rust").
+
+	Can tests use LD_PRELOAD to inject fake modules such as
+	fake_dns(3), fake_msg(3), fake_myaddrinfo(3) and so on?
 	One limitation is that functions etc. in a preloaded object
-	always take precedence.
+	always take precedence, even in code that is not being
+	tested.
 
 	'%l' support. ef7c661c-d86a-2366-6a73-ec8d51d75012@dev.snart.me
 
diff --git a/postfix/html/SMTPD_POLICY_README.html b/postfix/html/SMTPD_POLICY_README.html
index 3f74fc59f..aaa5218ed 100644
--- a/postfix/html/SMTPD_POLICY_README.html
+++ b/postfix/html/SMTPD_POLICY_README.html
@@ -116,6 +116,8 @@ policy_context=submission
 <b>Postfix version 3.2 and later:</b>
 server_address=10.3.2.1
 server_port=54321
+<b>Postfix version 3.8 and later:</b>
+<a href="postconf.5.html#compatibility_level">compatibility_level</a>=<i>major</i>.<i>minor</i>.<i>patch</i>
 [empty line]
 </pre>
 </blockquote>
@@ -213,6 +215,11 @@ server_port=54321
     information that is not available via other attributes (Postfix
     version 3.1 and later). </p>
 
+   <li> <p> The "<a href="postconf.5.html#compatibility_level">compatibility_level</a>" attribute corresponds to the
+   <a href="postconf.5.html#compatibility_level">compatibility_level</a> parameter value. It has the form
+   <i>major</i>.<i>minor</i>.<i>patch</i> where <i>minor</i> and
+   <i>patch</i> may be absent. </p>
+
 </ul>
 
 <p> The following is specific to SMTPD delegated policy requests:
diff --git a/postfix/proto/SMTPD_POLICY_README.html b/postfix/proto/SMTPD_POLICY_README.html
index b8df76eaa..189fb08dd 100644
--- a/postfix/proto/SMTPD_POLICY_README.html
+++ b/postfix/proto/SMTPD_POLICY_README.html
@@ -116,6 +116,8 @@ policy_context=submission
 <b>Postfix version 3.2 and later:</b>
 server_address=10.3.2.1
 server_port=54321
+<b>Postfix version 3.8 and later:</b>
+compatibility_level=<i>major</i>.<i>minor</i>.<i>patch</i>
 [empty line]
 </pre>
 </blockquote>
@@ -213,6 +215,11 @@ server_port=54321
     information that is not available via other attributes (Postfix
     version 3.1 and later). </p>
 
+   <li> <p> The "compatibility_level" attribute corresponds to the
+   compatibility_level parameter value. It has the form
+   <i>major</i>.<i>minor</i>.<i>patch</i> where <i>minor</i> and
+   <i>patch</i> may be absent. </p>
+
 </ul>
 
 <p> The following is specific to SMTPD delegated policy requests:
diff --git a/postfix/src/global/mail_proto.h b/postfix/src/global/mail_proto.h
index b5504638e..c5f59c2d7 100644
--- a/postfix/src/global/mail_proto.h
+++ b/postfix/src/global/mail_proto.h
@@ -200,6 +200,7 @@ extern char *mail_pathname(const char *, const char *);
 #define MAIL_ATTR_CRYPTO_PROTOCOL "encryption_protocol"
 #define MAIL_ATTR_CRYPTO_CIPHER	"encryption_cipher"
 #define MAIL_ATTR_CRYPTO_KEYSIZE "encryption_keysize"
+#define MAIL_ATTR_COMPAT_LEVEL	"compatibility_level"
 
  /*
   * Suffixes for sender_name, sender_domain etc.
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index a85e79a0c..73534c62a 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20220407"
+#define MAIL_RELEASE_DATE	"20220415"
 #define MAIL_VERSION_NUMBER	"3.8"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/global/mkmap_open.c b/postfix/src/global/mkmap_open.c
index 9d15eec30..1fd566015 100644
--- a/postfix/src/global/mkmap_open.c
+++ b/postfix/src/global/mkmap_open.c
@@ -101,6 +101,39 @@
 #include <mymalloc.h>
 #include <stringops.h>
 
+ /*
+  * Workaround for map types that have no 'bulk create' support, for example
+  * regexp. When dynamic map loading is enabled, an attempt to create a map
+  * with "postmap regexp:/path" would result in a bogus error message with
+  * "Is the postfix-regexp package installed?" instead of the expected
+  * "unsupported map type for this operation: regexp". The workaround is to
+  * provide explicit definitions for mkmap_open() so that it knows what map
+  * types exist without a 'bulk create' open function.
+  * 
+  * The solution is to merge the {maptype, function} tables that are currently
+  * managed separately by mkmap_open() (for bulk-mode map create operations)
+  * and by dict_open() (for all other operations). That change would be too
+  * invasive for a stable release.
+  */
+#ifdef USE_DYNAMIC_MAPS
+#include <dict_env.h>
+#include <dict_ht.h>
+#include <dict_unix.h>
+#include <dict_tcp.h>
+#include <dict_nis.h>
+#include <dict_nisplus.h>
+#include <dict_ni.h>
+#include <dict_regexp.h>
+#include <dict_static.h>
+#include <dict_cidr.h>
+#include <dict_thash.h>
+#include <dict_sockmap.h>
+#include <dict_pipe.h>
+#include <dict_random.h>
+#include <dict_union.h>
+#include <dict_inline.h>
+#endif
+
 /* Global library. */
 
 #include "mkmap.h"
@@ -137,6 +170,32 @@ static const MKMAP_OPEN_INFO mkmap_open_info[] = {
     DICT_TYPE_BTREE, mkmap_btree_open,
 #endif
     DICT_TYPE_FAIL, mkmap_fail_open,
+#ifdef USE_DYNAMIC_MAPS			/* Begin workaround */
+    DICT_TYPE_ENVIRON, 0,
+    DICT_TYPE_HT, 0,
+    DICT_TYPE_UNIX, 0,
+    DICT_TYPE_TCP, 0,
+#ifdef HAS_NIS
+    DICT_TYPE_NIS, 0,
+#endif
+#ifdef HAS_NISPLUS
+    DICT_TYPE_NISPLUS, 0,
+#endif
+#ifdef HAS_NETINFO
+    DICT_TYPE_NETINFO, 0,
+#endif
+#ifdef HAS_POSIX_REGEXP
+    DICT_TYPE_REGEXP, 0,
+#endif
+    DICT_TYPE_STATIC, 0,
+    DICT_TYPE_CIDR, 0,
+    DICT_TYPE_THASH, 0,
+    DICT_TYPE_SOCKMAP, 0,
+    DICT_TYPE_PIPE, 0,
+    DICT_TYPE_RANDOM, 0,
+    DICT_TYPE_UNION, 0,
+    DICT_TYPE_INLINE, 0,
+#endif					/* End workaround */
     0,
 };
 
@@ -252,9 +311,10 @@ MKMAP  *mkmap_open(const char *type, const char *path,
 	    mkmap_open_register(type, open_fn);
 	    mp = (MKMAP_OPEN_INFO *) htable_find(mkmap_open_hash, type);
 	}
-	if (mp == 0)
-	    msg_fatal("unsupported map type for this operation: %s", type);
     }
+    if (mp == 0 || mp->before_open == 0)
+	msg_fatal("unsupported map type for this operation: %s", type);
+
     if (msg_verbose)
 	msg_info("open %s %s", type, path);
 
diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c
index a4a6af063..2785ce1fc 100644
--- a/postfix/src/smtpd/smtpd_check.c
+++ b/postfix/src/smtpd/smtpd_check.c
@@ -4099,6 +4099,8 @@ static int check_policy_service(SMTPD_STATE *state, const char *server,
 #endif
 			  SEND_ATTR_STR(MAIL_ATTR_POL_CONTEXT,
 					policy_clnt->policy_context),
+			  SEND_ATTR_STR(MAIL_ATTR_COMPAT_LEVEL,
+					var_compatibility_level),
 			  ATTR_TYPE_END,
 			  ATTR_FLAG_MISSING,	/* Reply attributes. */
 			  RECV_ATTR_STR(MAIL_ATTR_ACTION, action),