postfix-3.10-20240724

postfix/HISTORY

@@ -28152,3 +28152,14 @@ Apologies for any names omitted.
 
 	Bitrot: some groff version complains about ".ft C" directives
 	in postconf(5) manpages. File: mantools/postconf2man.
+
+20240724
+
+	Documentation: re-worded some text about Debian hard-coding
+	the Cyrus SASL smtpd.conf search path. Files:
+	proto/SASL_README.html, proto/postconf.proto.
+
+	Cleanup: the Postfix DNS client returned only the first
+	fragment of a multi-fragment TXT record. This would become
+	an issue when looking up policy records with strings longer
+	than 255 bytes. File: dns/dns_lookup.c.

postfix/README_FILES/SASL_README

@@ -185,12 +185,9 @@ You can read more about the following topics:
     cyrus_sasl_config_path and/or the distribution-specific documentation to
     determine the expected location.
 
-  * Some Debian-based Postfix distributions patch Postfix to hardcode a non-
+  * Some Debian-based Postfix distributions ignore the "cyrus_sasl_config_path"
-    default search path, making it impossible to set an alternate search path
+    parameter setting, and force Postfix to open the file /etc/postfix/sasl/
-    via the "cyrus_sasl_config_path" parameter. This is likely to be the case
+    smtpd.conf.
-    when the distribution documents a Postfix-specific path (e.g. /etc/postfix/
-    sasl/) that is different from the default value of "cyrus_sasl_config_path"
-    (which then is likely to be empty).
 
     NNoottee
 

postfix/WISHLIST

@@ -26,6 +26,8 @@ Wish list:
 	bounce/annotate.sh should include the 'QUICK INSTRUCTIONS'
 	into the bounce.cf.default file.
 
+	Should smtp_tls_wrappermode have an SMTP_TLS_POLICY override?
+
 	The postsceen NON-SMTP test should log the command in
 	the same format as the BARE NEWLINE and PREGREET tests.
 	Consider logging the entire unadulterated command line.

postfix/html/SASL_README.html

@@ -281,13 +281,9 @@ configuration file in <code>/etc/postfix/sasl/</code>,
 <a href="postconf.5.html#cyrus_sasl_config_path">cyrus_sasl_config_path</a></code> and/or the distribution-specific
 documentation to determine the expected location. </p> </li>
 
-<li> <p> Some Debian-based Postfix distributions patch Postfix to
+<li> <p> Some Debian-based Postfix distributions ignore the
-hardcode a non-default search path, making it impossible to set an
+"<a href="postconf.5.html#cyrus_sasl_config_path">cyrus_sasl_config_path</a>" parameter setting, and force Postfix to
-alternate search path via the "<a href="postconf.5.html#cyrus_sasl_config_path">cyrus_sasl_config_path</a>" parameter.  This
+open the file <code>/etc/postfix/sasl/smtpd.conf</code>. </p> </li>
-is likely to be the case when the distribution documents a
-Postfix-specific path (e.g. <code>/etc/postfix/sasl/</code>) that is
-different from the default value of "<a href="postconf.5.html#cyrus_sasl_config_path">cyrus_sasl_config_path</a>" (which
-then is likely to be empty). </p> </li>
 
 </ul>
 

postfix/html/postconf.5.html

@@ -1851,6 +1851,10 @@ currently used only to locate the $<a href="postconf.5.html#smtpd_sasl_path">smt
 Specify zero or more directories separated by a colon character,
 or an empty value to use Cyrus SASL's built-in search path.  </p>
 
+<p> Note: some Debian-based Postfix distributions ignore the
+"<a href="postconf.5.html#cyrus_sasl_config_path">cyrus_sasl_config_path</a>" parameter setting, and force Postfix to
+open the file <code>/etc/postfix/sasl/smtpd.conf</code>. </p>
+
 <p> This feature is available in Postfix 2.5 and later when compiled
 with Cyrus SASL 2.1.22 or later. </p>
 

postfix/man/man5/postconf.5

@@ -1111,6 +1111,10 @@ currently used only to locate the $smtpd_sasl_path.conf file.
 Specify zero or more directories separated by a colon character,
 or an empty value to use Cyrus SASL's built\-in search path.
 .PP
+Note: some Debian\-based Postfix distributions ignore the
+"cyrus_sasl_config_path" parameter setting, and force Postfix to
+open the file <code>/etc/postfix/sasl/smtpd.conf</code>.
+.PP
 This feature is available in Postfix 2.5 and later when compiled
 with Cyrus SASL 2.1.22 or later.
 .SH daemon_directory (default: see "postconf \-d" output)

postfix/proto/SASL_README.html

@@ -281,13 +281,9 @@ configuration file in <code>/etc/postfix/sasl/</code>,
 cyrus_sasl_config_path</code> and/or the distribution-specific
 documentation to determine the expected location. </p> </li>
 
-<li> <p> Some Debian-based Postfix distributions patch Postfix to
+<li> <p> Some Debian-based Postfix distributions ignore the
-hardcode a non-default search path, making it impossible to set an
+"cyrus_sasl_config_path" parameter setting, and force Postfix to
-alternate search path via the "cyrus_sasl_config_path" parameter.  This
+open the file <code>/etc/postfix/sasl/smtpd.conf</code>. </p> </li>
-is likely to be the case when the distribution documents a
-Postfix-specific path (e.g. <code>/etc/postfix/sasl/</code>) that is
-different from the default value of "cyrus_sasl_config_path" (which
-then is likely to be empty). </p> </li>
 
 </ul>
 

postfix/proto/postconf.proto

@@ -11289,6 +11289,10 @@ currently used only to locate the $smtpd_sasl_path.conf file.
 Specify zero or more directories separated by a colon character,
 or an empty value to use Cyrus SASL's built-in search path.  </p>
 
+<p> Note: some Debian-based Postfix distributions ignore the
+"cyrus_sasl_config_path" parameter setting, and force Postfix to
+open the file <code>/etc/postfix/sasl/smtpd.conf</code>. </p>
+
 <p> This feature is available in Postfix 2.5 and later when compiled
 with Cyrus SASL 2.1.22 or later. </p>
 

postfix/src/dns/dns_lookup.c

@@ -745,6 +745,7 @@ static int dns_get_rr(DNS_RR **list, const char *orig_name, DNS_REPLY *reply,
 		              DNS_FIXED *fixed)
 {
     char    temp[DNS_NAME_LEN];
+    char    ltemp[USHRT_MAX];
     char   *tempbuf = temp;
     UINT32_TYPE soa_buf[5];
     int     comp_len;
@@ -754,6 +755,7 @@ static int dns_get_rr(DNS_RR **list, const char *orig_name, DNS_REPLY *reply,
     unsigned port = 0;
     unsigned char *src;
     unsigned char *dst;
+    int     frag_len;
     int     ch;
 
 #define MIN2(a, b)	((unsigned)(a) < (unsigned)(b) ? (a) : (b))
@@ -826,17 +828,28 @@ static int dns_get_rr(DNS_RR **list, const char *orig_name, DNS_REPLY *reply,
 #endif
 
 	/*
-	 * We impose the same length limit here as for DNS names. However,
+	 * Impose the maximum length (65536) limit for TXT records.
-	 * see T_TLSA discussion below.
 	 */
     case T_TXT:
-	data_len = MIN2(pos[0] + 1, MIN2(fixed->length + 1, sizeof(temp)));
+	for (src = pos, dst = (unsigned char *) ltemp;
-	for (src = pos + 1, dst = (unsigned char *) (temp);
+	     src < pos + fixed->length; /* */ ) {
-	     dst < (unsigned char *) (temp) + data_len - 1; /* */ ) {
+	    frag_len = *src++;
+	    if (msg_verbose)
+		msg_info("frag_len=%d text=\"%.*s\"",
+			 (int) frag_len, (int) frag_len, (char *) src);
+	    if (frag_len > reply->end - src
+	     || frag_len >= ((unsigned char *) ltemp + sizeof(ltemp)) - dst) {
+		msg_warn("extract_answer: bad TXT string length: %d", frag_len);
+		return (DNS_RETRY);
+	    }
+	    while (frag_len-- > 0) {
 		ch = *src++;
 		*dst++ = (ISPRINT(ch) ? ch : ' ');
 	    }
-	*dst = 0;
+	}
+	*dst++ = 0;
+	tempbuf = ltemp;
+	data_len = dst - (unsigned char *) tempbuf;
 	break;
 
 	/*

postfix/src/global/mail_version.h

@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20240722"
+#define MAIL_RELEASE_DATE	"20240724"
 #define MAIL_VERSION_NUMBER	"3.10"
 
 #ifdef SNAPSHOT