postfix-3.6-20200523

postfix/HISTORY

@@ -24693,10 +24693,11 @@ Apologies for any names omitted.
 
 20200419
 
-	Bugfix: segfault in the tlsproxy client role when the server
-	role was disabled. This typically happens with a first-time
-	Postfix install and after configuring only outbound TLS.
-	Found during program maintenance. File: tlsproxy/tlsproxy.c.
+	Bugfix (introduced: Postfix 3.4): segfault in the tlsproxy
+	client role when the server role was disabled. This typically
+	happens with a first-time Postfix install and after configuring
+	only outbound TLS. Found during program maintenance. File:
+	tlsproxy/tlsproxy.c.
 
 20200420
 
@@ -24705,10 +24706,10 @@ Apologies for any names omitted.
 
 20200422
 
-	Security: disable TLSA/DANE on Alpine Linux because libc-musl
-	provides no indication whether responses are authentic.
-	This broke TLSA/DANE without a clear explanation. File:
-	makedefs.
+	Security: disable DANE support on Alpine Linux because
+	libc-musl provides no indication whether DNS responses are
+	authentic. This broke DANE support without a clear explanation.
+	File: makedefs.
 
 20200425
 
@@ -24719,7 +24720,7 @@ Apologies for any names omitted.
 	However, with a SHARED listen socket as used in Postfix,
 	kernel-based load balancing does not help, and Postfix still
 	requires locking to avoid waking up multiple processes when
-	a connection arrives.  Files: util/inet_listen.c,
+	a connection arrives. Files: util/inet_listen.c,
 
 20200502
 
@@ -24750,7 +24751,7 @@ Apologies for any names omitted.
 
 20200509
 
-	Bugfix (introduced: Postfix 3.5): maillog_file_rotate_suffix
+	Bugfix (introduced: Postfix 3.4): maillog_file_rotate_suffix
 	default value used the minute instead of the month. Reported
 	by Larry Stone. Files: conf/postfix-tls-script,
 	proto/MAILLOG_README.html, proto/postconf.proto.
@@ -24763,8 +24764,8 @@ Apologies for any names omitted.
 
 20200511
 
-	Noise suppression: spurious "SSL_Shutdown:shutdown while
-	in init" warnings. File: tls/tls_session.c.
+	Noise suppression: avoid "SSL_Shutdown:shutdown while in
+	init" warnings. File: tls/tls_session.c.
 
 	Debugging: with a single -v, the cleanup server now also
 	logs output envelope records, so that one -v option shows
@@ -24772,13 +24773,41 @@ Apologies for any names omitted.
 
 20200515
 
-	Bugfix (introduced: Postfix 2.2): TLS error status info
-	from a PostgreSQL client caused a false 'lost connection'
-	error for an SMTP-over-TLS session in the same Postfix
-	process. Reported by Alexander Vasarab, diagnosed by Viktor
-	Dukhovni. File: tls/tls_bio_ops.c.
+	Bugfix (introduced: Postfix 2.2): a TLS error for a PostgreSQL
+	client caused a false 'lost connection' error for an SMTP
+	over TLS session in the same Postfix process. Reported by
+	Alexander Vasarab, diagnosed by Viktor Dukhovni. File:
+	tls/tls_bio_ops.c.
 
-	Bugfix (introduced: Postfix 2.8): TLS error status info
-	from one TLS session may cause a false 'lost connection'
-	error for concurrent TLS sessions in the same tlsproxy
-	process. File: tlsproxy/tlsproxy.c.
+	Bugfix (introduced: Postfix 2.8): a TLS error for one TLS
+	session may cause a false 'lost connection' error for a
+	concurrent TLS session in the same tlsproxy process. File:
+	tlsproxy/tlsproxy.c.
+
+20200518
+
+	Documentation: updated the wording of recent HISTORY entries,
+	based on the text in the 20200516 stable releases.
+
+20200521
+
+	Cleanup: the value of __RES (defined in resolv.h) determines
+	whether the res_nxxx() API is available. Credit to Rich
+	Felker. Files: util/sys_defs.h, dns/dns_lookup.c.
+
+20200522
+
+	Cleanup: the postconf command builds with -fno-common.
+	Files: makedefs, Makefile.in, postconf/extract.awk,
+	postconf/install_vars.h.
+
+20200523
+
+	Cleanup: the 20200503 change did not prevent direct access
+	to the obsolete h_errno variable in smtpd_checks.c. This
+	variable may still be updated, but we should not count on
+	that. Files: dns/dns.h, dns/dns_lookup.c, smtpd/smtpd_check.c.
+
+	Cleanup: unit tests now build with -fno-common. Files:
+	global/server_acl.c, smtpd/smtpd_check.c, global/strip_addr.c,
+	proxymap/proxymap.c.

postfix/Makefile.in

@@ -1,7 +1,7 @@
 # To test with valgrind:
 # make -i tests VALGRIND="valgrind --tool=memcheck --log-file=/some/where.%p" 
 SHELL	= /bin/sh
-WARN    = -Wmissing-prototypes -Wformat -Wno-comment -fcommon
+WARN    = -Wmissing-prototypes -Wformat -Wno-comment -fno-common
 OPTS	= 'WARN=$(WARN)'
 DIRS	= src/util src/global src/dns src/tls src/xsasl src/master src/milter \
 	src/postfix src/fsstone src/smtpstone \

postfix/RELEASE_NOTES

@@ -38,3 +38,11 @@ To build old style, build with:
 
 This is also the default for systems that are known not to support
 the threadsafe resolver API, such systems that use libc-musl.
+
+Incompatible changes with snapshot 20200416
+===========================================
+
+Security: this release disables DANE support on Linux systems with
+libc-musl, because libc-musl provides no indication whether DNS
+responses are authentic. This broke DANE support without a clear
+explanation.

postfix/WISHLIST

@@ -1,7 +1,10 @@
 Wish list:
 
-	Find a reasonable way to generate postconf configuration
-	parameter tables without breaking gcc -fnocommon.
+	DNSSEC end-to-end test, probing a configurable zone (".")
+	and resource type (default: NS).
+
+	When a secondary instance has no multi_instance_name set,
+`	postmulti -i won't be able to find it.
 
 	Read http://mmogilvi.users.sourceforge.net/software/oauthbearer.html
 	and see how we can improve on the Postfix side.

postfix/makedefs

@@ -239,12 +239,6 @@ case "$SYSTEM" in
 	 *) echo Warning: libc-musl breaks DANE/TLSA security. 1>&2
 	    echo This build will not support DANE/TLSA. 1>&2
 	    CCARGS="$CCARGS -DNO_DNSSEC";;
-	esac
-	case "$CCARGS" in
-	 *-DNO_RES_NCALLS*) ;;
-	 *) echo Warning: libc-musl does not support res_ninit etc. 1>&2
-	    echo This build will not support modern resolver features. 1>&2
-	    CCARGS="$CCARGS -DNO_RES_NCALLS";;
 	esac;;
     esac;;
 esac
@@ -1166,7 +1160,7 @@ esac
 : ${CC=gcc} ${OPT='-O'} ${DEBUG='-g'} ${AWK=awk} \
 ${WARN='-Wall -Wno-comment -Wformat -Wimplicit -Wmissing-prototypes \
 	-Wparentheses -Wstrict-prototypes -Wswitch -Wuninitialized \
-	-Wunused -Wno-missing-braces -fcommon'}
+	-Wunused -Wno-missing-braces -fno-common'}
 
 # Extract map type names from -DHAS_XXX compiler options.  We avoid
 # problems with tr(1) range syntax by using enumerations instead,

postfix/src/dns/dns.h

@@ -52,6 +52,17 @@
 	(cp) += 4; \
 }
 
+#endif
+
+ /*
+  * Provide API compatibility for systems without res_nxxx() API. Also
+  * require calling dns_get_h_errno() instead of directly accessing the
+  * global h_errno variable. We should not count on that being updated.
+  */
+#if !defined(NO_RES_NCALLS) && defined(__RES) && (__RES >= 19991006)
+#define USE_RES_NCALLS
+#undef h_errno
+#define h_errno use_dns_get_h_errno_instead_of_h_errno
 #endif
 
 /*
@@ -229,6 +240,7 @@ extern int dns_lookup_rl(const char *, unsigned, DNS_RR **, VSTRING *,
 			         VSTRING *, int *, int,...);
 extern int dns_lookup_rv(const char *, unsigned, DNS_RR **, VSTRING *,
 			         VSTRING *, int *, int, unsigned *);
+extern int dns_get_h_errno(void);
 
 #define dns_lookup(name, type, rflags, list, fqdn, why) \
     dns_lookup_x((name), (type), (rflags), (list), (fqdn), (why), (int *) 0, \

postfix/src/dns/dns_lookup.c

@@ -31,6 +31,8 @@
 /*	VSTRING *why;
 /*	int	lflags;
 /*	unsigned *ltype;
+/*
+/*	int	dns_get_h_errno()
 /* AUXILIARY FUNCTIONS
 /*	extern int var_dns_ncache_ttl_fix;
 /*
@@ -83,6 +85,10 @@
 /*	an invalid name is reported as a DNS_INVAL result, while
 /*	malformed replies are reported as transient errors.
 /*
+/*	dns_get_h_errno() returns the last error. This deprecates
+/*	usage of the global h_errno variable. We should not rely
+/*	on that being updated.
+/*
 /*	dns_lookup_l() and dns_lookup_v() allow the user to specify
 /*	a list of resource types.
 /*
@@ -1244,3 +1250,10 @@ int     dns_lookup_rv(const char *name, unsigned flags, DNS_RR **rrlist,
 	vstring_free(hpref_rtext);
     return (status);
 }
+
+/* dns_get_h_errno - get the last lookup status */
+
+int     dns_get_h_errno(void)
+{
+    return (DNS_GET_H_ERRNO(&dns_res_state));
+}

postfix/src/global/db_common.c

@@ -114,6 +114,11 @@
 /*	P.O. Box 704
 /*	Yorktown Heights, NY 10598, USA
 /*
+/*	Wietse Venema
+/*	Google, Inc.
+/*	111 8th Avenue
+/*	New York, NY 10011, USA
+/*
 /*	Liviu Daia
 /*	Institute of Mathematics of the Romanian Academy
 /*	P.O. BOX 1-764

postfix/src/global/mail_version.h

@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20200515"
+#define MAIL_RELEASE_DATE	"20200523"
 #define MAIL_VERSION_NUMBER	"3.6"
 
 #ifdef SNAPSHOT

postfix/src/global/server_acl.c

@@ -59,6 +59,11 @@
 /*	IBM T.J. Watson Research
 /*	P.O. Box 704
 /*	Yorktown Heights, NY 10598, USA
+/*
+/*	Wietse Venema
+/*	Google, Inc.
+/*	111 8th Avenue
+/*	New York, NY 10011, USA
 /*--*/
 
 /* System library. */
@@ -235,9 +240,7 @@ int     server_acl_eval(const char *client_addr, SERVER_ACL * intern_acl,
 #include <vstring_vstream.h>
 #include <name_code.h>
 #include <split_at.h>
-
-char   *var_par_dom_match = DEF_PAR_DOM_MATCH;
-char   *var_mynetworks = "";
+    
 char   *var_server_acl = "";
 
 #define UPDATE_VAR(s,v) do { if (*(s)) myfree(s); (s) = mystrdup(v); } while (0)
@@ -259,6 +262,12 @@ int     main(void)
 	0,
     };
 
+    /*
+     * No static initializer because these are owned by a library.
+     */
+    var_par_dom_match = DEF_PAR_DOM_MATCH;
+    var_mynetworks = "";
+
 #define VAR_SERVER_ACL "server_acl"
 
     while (vstring_get_nonl(buf, VSTREAM_IN) != VSTREAM_EOF) {

postfix/src/global/strip_addr.c

@@ -115,8 +115,6 @@ char   *strip_addr_internal(const char *full, char **extension,
 #include <msg.h>
 #include <mail_params.h>
 
-char   *var_double_bounce_sender = DEF_DOUBLE_BOUNCE;
-
 int     main(int unused_argc, char **unused_argv)
 {
     char   *extension;
@@ -125,6 +123,11 @@ int     main(int unused_argc, char **unused_argv)
 
 #define NO_DELIM	""
 
+    /*
+     * No static initializer, because this is owned by a library.
+     */
+    var_double_bounce_sender = DEF_DOUBLE_BOUNCE;
+
     /*
      * Incredible. This function takes only three arguments, and the tests
      * already take more lines of code than the code being tested.

postfix/src/postconf/extract.awk

@@ -18,9 +18,12 @@
 # have a more modern implementation that is XPG4-compatible, but it
 # is too much bother to find out where each system keeps these.
 
+{ owned_by_library = (FILENAME ~ /\/(global|tls)\//) }
+
 /^(static| )*(const +)?CONFIG_INT_TABLE .*\{/,/\};/ { 
     if ($1 ~ /VAR/) {
-	int_vars["int " substr($3,2,length($3)-2) ";"] = 1
+	if (!owned_by_library)
+	    int_vars["int " substr($3,2,length($3)-2) ";"] = 1
 	if (++itab[$1 $2 $4 $5 $6 $7 $8 $9] == 1) {
 	    int_table[$0] = 1
 	}
@@ -28,7 +31,8 @@
 }
 /^(static| )*(const +)?CONFIG_STR_TABLE .*\{/,/\};/ { 
     if ($1 ~ /^VAR/) {
-	str_vars["char *" substr($3,2,length($3)-2) ";"] = 1
+	if (!owned_by_library)
+	    str_vars["char *" substr($3,2,length($3)-2) ";"] = 1
 	if (++stab[$1 $2 $4 $5 $6 $7 $8 $9] == 1) {
 	    str_table[$0] = 1
 	}
@@ -36,7 +40,8 @@
 }
 /^(static| )*(const +)?CONFIG_STR_FN_TABLE .*\{/,/\};/ { 
     if ($1 ~ /^VAR/) {
-	str_fn_vars["char *" substr($3,2,length($3)-2) ";"] = 1
+	if (!owned_by_library)
+	    str_fn_vars["char *" substr($3,2,length($3)-2) ";"] = 1
 	$2 = "pcf_" $2
 	if (++stab[$1 $2 $4 $5 $6 $7 $8 $9] == 1) {
 	    str_fn_table[$0] = 1
@@ -45,7 +50,8 @@
 }
 /^(static| )*(const +)?CONFIG_RAW_TABLE .*\{/,/\};/ { 
     if ($1 ~ /^VAR/) {
-	raw_vars["char *" substr($3,2,length($3)-2) ";"] = 1
+	if (!owned_by_library)
+	    raw_vars["char *" substr($3,2,length($3)-2) ";"] = 1
 	if (++rtab[$1 $2 $4 $5 $6 $7 $8 $9] == 1) {
 	    raw_table[$0] = 1
 	}
@@ -53,7 +59,8 @@
 }
 /^(static| )*(const +)?CONFIG_BOOL_TABLE .*\{/,/\};/ { 
     if ($1 ~ /^VAR/) {
-	bool_vars["int " substr($3,2,length($3)-2) ";"] = 1
+	if (!owned_by_library)
+	    bool_vars["int " substr($3,2,length($3)-2) ";"] = 1
 	if (++btab[$1 $2 $4 $5 $6 $7 $8 $9] == 1) {
 	    bool_table[$0] = 1
 	}
@@ -61,7 +68,8 @@
 }
 /^(static| )*(const +)?CONFIG_TIME_TABLE .*\{/,/\};/ { 
     if ($1 ~ /^VAR/) {
-	time_vars["int " substr($3,2,length($3)-2) ";"] = 1
+	if (!owned_by_library)
+	    time_vars["int " substr($3,2,length($3)-2) ";"] = 1
 	if (++ttab[$1 $2 $4 $5 $6 $7 $8 $9] == 1) {
 	    time_table[$0] = 1
 	}
@@ -69,7 +77,8 @@
 }
 /^(static| )*(const +)?CONFIG_NINT_TABLE .*\{/,/\};/ { 
     if ($1 ~ /VAR/) {
-	nint_vars["int " substr($3,2,length($3)-2) ";"] = 1
+	if (!owned_by_library)
+	    nint_vars["int " substr($3,2,length($3)-2) ";"] = 1
 	if (++itab[$1 $2 $4 $5 $6 $7 $8 $9] == 1) {
 	    nint_table[$0] = 1
 	}
@@ -77,7 +86,8 @@
 }
 /^(static| )*(const +)?CONFIG_NBOOL_TABLE .*\{/,/\};/ { 
     if ($1 ~ /^VAR/) {
-	nbool_vars["int " substr($3,2,length($3)-2) ";"] = 1
+	if (!owned_by_library)
+	    nbool_vars["int " substr($3,2,length($3)-2) ";"] = 1
 	if (++btab[$1 $2 $4 $5 $6 $7 $8 $9] == 1) {
 	    nbool_table[$0] = 1
 	}
@@ -85,7 +95,8 @@
 }
 /^(static| )*(const +)?CONFIG_LONG_TABLE .*\{/,/\};/ { 
     if ($1 ~ /VAR/) {
-	long_vars["long " substr($3,2,length($3)-2) ";"] = 1
+	if (!owned_by_library)
+	    long_vars["long " substr($3,2,length($3)-2) ";"] = 1
 	if (++itab[$1 $2 $4 $5 $6 $7 $8 $9] == 1) {
 	    long_table[$0] = 1
 	}

postfix/src/postconf/install_vars.h

@@ -1,2 +1 @@
-char   *var_config_dir;
 char   *var_debug_command;

postfix/src/proxymap/proxymap.c

@@ -759,7 +759,6 @@ int     main(int argc, char **argv)
 	VAR_VIRT_MAILBOX_MAPS, DEF_VIRT_MAILBOX_MAPS, &var_virt_mailbox_maps, 0, 0,
 	VAR_VIRT_MAILBOX_DOMS, DEF_VIRT_MAILBOX_DOMS, &var_virt_mailbox_doms, 0, 0,
 	VAR_RELAY_RCPT_MAPS, DEF_RELAY_RCPT_MAPS, &var_relay_rcpt_maps, 0, 0,
-	VAR_RELAY_DOMAINS, DEF_RELAY_DOMAINS, &var_relay_domains, 0, 0,
 	VAR_CANONICAL_MAPS, DEF_CANONICAL_MAPS, &var_canonical_maps, 0, 0,
 	VAR_SEND_CANON_MAPS, DEF_SEND_CANON_MAPS, &var_send_canon_maps, 0, 0,
 	VAR_RCPT_CANON_MAPS, DEF_RCPT_CANON_MAPS, &var_rcpt_canon_maps, 0, 0,

postfix/src/smtpd/smtpd_check.c

@@ -1815,7 +1815,8 @@ static int all_auth_mx_addr(SMTPD_STATE *state, char *host,
 			 "%s as mail exchanger: %s",
 			 reply_name, reply_class, host,
 			 dns_status == DNS_POLICY ?
-			 "DNS reply filter policy" : dns_strerror(h_errno));
+			 "DNS reply filter policy" :
+			 dns_strerror(dns_get_h_errno()));
 	return (NOPE);
     }
     for (rr = addr_list; rr != 0; rr = rr->next) {
@@ -2059,8 +2060,10 @@ static int permit_mx_backup(SMTPD_STATE *state, const char *recipient,
 			     450, "4.4.4",
 			     "<%s>: %s rejected: Unable to look up mail "
 			     "exchanger information: %s",
-			 reply_name, reply_class, dns_status == DNS_POLICY ?
-			 "DNS reply filter policy" : dns_strerror(h_errno));
+			     reply_name, reply_class,
+			     dns_status == DNS_POLICY ?
+			     "DNS reply filter policy" :
+			     dns_strerror(dns_get_h_errno()));
 	return (SMTPD_CHECK_DUNNO);
     }
 
@@ -3080,8 +3083,10 @@ static int check_server_access(SMTPD_STATE *state, const char *table,
 	}
 	if (dns_status != DNS_OK) {
 	    msg_warn("Unable to look up %s host for %s: %s", dns_strtype(type),
-	     domain && domain[1] ? domain : name, dns_status == DNS_POLICY ?
-		     "DNS reply filter policy" : dns_strerror(h_errno));
+		     domain && domain[1] ? domain : name,
+		     dns_status == DNS_POLICY ?
+		     "DNS reply filter policy" :
+		     dns_strerror(dns_get_h_errno()));
 	    return (SMTPD_CHECK_DUNNO);
 	}
     }
@@ -5570,7 +5575,6 @@ char   *var_rcpt_checks = "";
 char   *var_etrn_checks = "";
 char   *var_data_checks = "";
 char   *var_eod_checks = "";
-char   *var_relay_domains = "";
 char   *var_smtpd_uproxy_proto = "";
 int     var_smtpd_uproxy_tmout = 0;
 
@@ -5578,7 +5582,6 @@ int     var_smtpd_uproxy_tmout = 0;
 char   *var_relay_ccerts = "";
 
 #endif
-char   *var_mynetworks = "";
 char   *var_notify_classes = "";
 char   *var_smtpd_policy_def_action = "";
 char   *var_smtpd_policy_context = "";
@@ -5587,11 +5590,6 @@ char   *var_smtpd_policy_context = "";
   * String-valued configuration parameters.
   */
 char   *var_maps_rbl_domains;
-char   *var_myorigin;
-char   *var_mydest;
-char   *var_inet_interfaces;
-char   *var_proxy_interfaces;
-char   *var_rcpt_delim;
 char   *var_rest_classes;
 char   *var_alias_maps;
 char   *var_send_canon_maps;
@@ -5603,10 +5601,8 @@ char   *var_virt_mailbox_maps;
 char   *var_virt_mailbox_doms;
 char   *var_local_rcpt_maps;
 char   *var_perm_mx_networks;
-char   *var_par_dom_match;
 char   *var_smtpd_null_key;
 char   *var_smtpd_snd_auth_maps;
-char   *var_double_bounce_sender;
 char   *var_rbl_reply_maps;
 char   *var_smtpd_exp_filter;
 char   *var_def_rbl_reply;
@@ -5623,7 +5619,6 @@ char   *var_unk_addr_tf_act;
 char   *var_unv_rcpt_tf_act;
 char   *var_unv_from_tf_act;
 char   *var_smtpd_acl_perm_log;
-char   *var_info_log_addr_form;
 
 typedef struct {
     char   *name;
@@ -5680,6 +5675,9 @@ static const STRING_TABLE string_table[] = {
     VAR_SMTPD_ACL_PERM_LOG, DEF_SMTPD_ACL_PERM_LOG, &var_smtpd_acl_perm_log,
     VAR_SMTPD_DNS_RE_FILTER, DEF_SMTPD_DNS_RE_FILTER, &var_smtpd_dns_re_filter,
     VAR_INFO_LOG_ADDR_FORM, DEF_INFO_LOG_ADDR_FORM, &var_info_log_addr_form,
+    /* XXX No static initialization with "", because owned by a library. */
+    VAR_MYNETWORKS, "", &var_mynetworks,
+    VAR_RELAY_DOMAINS, "", &var_relay_domains,
     0,
 };
 

postfix/src/util/mac_parse.h

@@ -41,6 +41,11 @@ extern int WARN_UNUSED_RESULT mac_parse(const char *, MAC_PARSE_FN, void *);
 /*	IBM T.J. Watson Research
 /*	P.O. Box 704
 /*	Yorktown Heights, NY 10598, USA
+/*
+/*	Wietse Venema
+/*	Google, Inc.
+/*	111 8th Avenue
+/*	New York, NY 10011, USA
 /*--*/
 
 #endif

postfix/src/util/sys_defs.h

@@ -1699,14 +1699,6 @@ typedef int pid_t;
   */
 #define ENFORCING_SIZE_LIMIT(param)	((param) > 0)
 
- /*
-  * The threadsafe resolver(5) API came out before 2002, and should be on by
-  * default.
-  */
-#ifndef NO_RES_NCALLS
-#define USE_RES_NCALLS
-#endif
-
  /*
   * Don't mix socket message send/receive calls with socket stream read/write
   * calls. The fact that you can get away with it only on some stacks implies