diff --git a/postfix/HISTORY b/postfix/HISTORY index 21d532adb..af83144d6 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -24834,3 +24834,51 @@ Apologies for any names omitted. Cleanup: the posttls-finger '-X' option reported a false conflict with '-r'. File: posttls-finger/posttls-finger.c. + +20200830 + + Bugfix (introduced: Postfix 2.0): smtp_sasl_mechanism_filter + ignored table lookup errors, treating them as 'not found'. + Found during Postfix 3.6 development. File: smtp/smtp_sasl_proto.c. + +202000920 + + Bugfix (introduced: Postfix 2.3): when deleting a recipient + with a milter, delete the recipient from the duplicate + filter, so that the recipient can be added back. Backported + from Postfix 3.6. Files: global/been_here.[hc], + cleanup/cleanup_milter.c. + +20200925 + + Bugfix (introduced: before Postfix alpha): the code that + looks for Delivered-To: headers ignored headers longer than + $line_length_limit. Backported from Postfix 3.6. File: + global/delivered_hdr.c. + +20201011 + + Bugfix (introduced: Postfix 2.8): save a copy of the + postscreen_dnsbl_reply_map lookup result. This has no effect + when the recommended texthash: look table is used, but it + may avoid stale data with other lookup tables. File: + postscreen/postscreen_dnsbl.c. + +20201022 + + Bugfix (introduced: Postfix 2.2): after processing an + XCCLIENT command, the smtps service was waiting for a TLS + handshake. Found by Aki Tuomi. File: smtpd/smtpd.c. + +20201025 + + Bugfix (introduced: Postfix 2.3): static maps did not free + their casefolding buffer. File: util/dict_static.c. + +20201104 + + Bugfix (introduced: Postfix 3.5): the Postfix SMTP client + broke message headers longer than $line_length_limit, causing + subsequent header content to become message body content. + Reported by Andreas Weigel, fix by Viktor Dukhovni. File: + smtp/smtp_proto.c. diff --git a/postfix/src/cleanup/cleanup_milter.c b/postfix/src/cleanup/cleanup_milter.c index 1424880e2..26a396d48 100644 --- a/postfix/src/cleanup/cleanup_milter.c +++ b/postfix/src/cleanup/cleanup_milter.c @@ -1803,6 +1803,10 @@ static const char *cleanup_del_rcpt(void *context, const char *ext_rcpt) } count++; } + if (var_enable_orcpt) + been_here_drop(state->dups, "%s\n%d\n%s\n%s", + dsn_orcpt ? dsn_orcpt : "", dsn_notify, + orig_rcpt ? orig_rcpt : "", STR(int_rcpt_buf)); /* FALLTHROUGH */ case REC_TYPE_DRCP: /* canceled recipient */ case REC_TYPE_DONE: /* can't happen */ @@ -1818,6 +1822,8 @@ static const char *cleanup_del_rcpt(void *context, const char *ext_rcpt) break; } } + if (var_enable_orcpt == 0 && count > 0) + been_here_drop_fixed(state->dups, STR(int_rcpt_buf)); if (msg_verbose) msg_info("%s: deleted %d records for recipient \"%s\"", diff --git a/postfix/src/global/been_here.c b/postfix/src/global/been_here.c index 9390c8e85..8147829c4 100644 --- a/postfix/src/global/been_here.c +++ b/postfix/src/global/been_here.c @@ -26,6 +26,14 @@ /* BH_TABLE *dup_filter; /* char *format; /* +/* int been_here_drop_fixed(dup_filter, string) +/* BH_TABLE *dup_filter; +/* char *string; +/* +/* int been_here_drop(dup_filter, format, ...) +/* BH_TABLE *dup_filter; +/* char *format; +/* /* void been_here_free(dup_filter) /* BH_TABLE *dup_filter; /* DESCRIPTION @@ -46,6 +54,16 @@ /* been_here_check_fixed() and been_here_check() are similar /* but do not update the duplicate filter. /* +/* been_here_drop_fixed() looks up a fixed string in the given +/* table, and deletes the entry if the string was found. The +/* result is non-zero (true) if the string was found, zero +/* (false) otherwise. +/* +/* been_here_drop() formats its arguments, looks up the result +/* in the given table, and removes the entry if the formatted +/* result was found. The result is non-zero (true) if the +/* formatted result was found, zero (false) otherwise. +/* /* been_here_free() releases storage for a duplicate filter. /* /* Arguments: @@ -249,3 +267,64 @@ int been_here_check_fixed(BH_TABLE *dup_filter, const char *string) return (status); } + +/* been_here_drop - remove filter entry with finer control */ + +int been_here_drop(BH_TABLE *dup_filter, const char *fmt,...) +{ + VSTRING *buf = vstring_alloc(100); + int status; + va_list ap; + + /* + * Construct the string to be dropped. + */ + va_start(ap, fmt); + vstring_vsprintf(buf, fmt, ap); + va_end(ap); + + /* + * Drop the filter entry. + */ + status = been_here_drop_fixed(dup_filter, vstring_str(buf)); + + /* + * Cleanup. + */ + vstring_free(buf); + return (status); +} + +/* been_here_drop_fixed - remove filter entry */ + +int been_here_drop_fixed(BH_TABLE *dup_filter, const char *string) +{ + VSTRING *folded_string; + const char *lookup_key; + int status; + + /* + * Special processing: case insensitive lookup. + */ + if (dup_filter->flags & BH_FLAG_FOLD) { + folded_string = vstring_alloc(100); + lookup_key = casefold(folded_string, string); + } else { + folded_string = 0; + lookup_key = string; + } + + /* + * Drop the filter entry. + */ + if ((status = been_here_check_fixed(dup_filter, lookup_key)) != 0) + htable_delete(dup_filter->table, lookup_key, (void (*) (void *)) 0); + + /* + * Cleanup. + */ + if (folded_string) + vstring_free(folded_string); + + return (status); +} diff --git a/postfix/src/global/been_here.h b/postfix/src/global/been_here.h index 2c13894f6..460191389 100644 --- a/postfix/src/global/been_here.h +++ b/postfix/src/global/been_here.h @@ -35,6 +35,8 @@ extern int been_here_fixed(BH_TABLE *, const char *); extern int PRINTFLIKE(2, 3) been_here(BH_TABLE *, const char *,...); extern int been_here_check_fixed(BH_TABLE *, const char *); extern int PRINTFLIKE(2, 3) been_here_check(BH_TABLE *, const char *,...); +extern int been_here_drop_fixed(BH_TABLE *, const char *); +extern int PRINTFLIKE(2, 3) been_here_drop(BH_TABLE *, const char *,...); /* LICENSE /* .ad diff --git a/postfix/src/global/delivered_hdr.c b/postfix/src/global/delivered_hdr.c index 5a0b6f263..f34a9c715 100644 --- a/postfix/src/global/delivered_hdr.c +++ b/postfix/src/global/delivered_hdr.c @@ -115,6 +115,8 @@ DELIVERED_HDR_INFO *delivered_hdr_init(VSTREAM *fp, off_t offset, int flags) char *cp; DELIVERED_HDR_INFO *info; const HEADER_OPTS *hdr; + int curr_type; + int prev_type; /* * Sanity check. @@ -130,15 +132,20 @@ DELIVERED_HDR_INFO *delivered_hdr_init(VSTREAM *fp, off_t offset, int flags) /* * XXX Assume that mail_copy() produces delivered-to headers that fit in - * a REC_TYPE_NORM record. Lowercase the delivered-to addresses for - * consistency. + * a REC_TYPE_NORM or REC_TYPE_CONT record. Lowercase the delivered-to + * addresses for consistency. * * XXX Don't get bogged down by gazillions of delivered-to headers. */ #define DELIVERED_HDR_LIMIT 1000 - while (rec_get(fp, info->buf, 0) == REC_TYPE_NORM - && info->table->used < DELIVERED_HDR_LIMIT) { + for (prev_type = REC_TYPE_NORM; + info->table->used < DELIVERED_HDR_LIMIT + && ((curr_type = rec_get(fp, info->buf, 0)) == REC_TYPE_NORM + || curr_type == REC_TYPE_CONT); + prev_type = curr_type) { + if (prev_type != REC_TYPE_NORM) + continue; if (is_header(STR(info->buf))) { if ((hdr = header_opts_find(STR(info->buf))) != 0 && hdr->type == HDR_DELIVERED_TO) { diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index c228121b8..41a251a46 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20200830" -#define MAIL_VERSION_NUMBER "3.5.7" +#define MAIL_RELEASE_DATE "20201107" +#define MAIL_VERSION_NUMBER "3.5.8" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff --git a/postfix/src/postscreen/postscreen_dnsbl.c b/postfix/src/postscreen/postscreen_dnsbl.c index 32eec4bea..0142dd3fc 100644 --- a/postfix/src/postscreen/postscreen_dnsbl.c +++ b/postfix/src/postscreen/postscreen_dnsbl.c @@ -231,6 +231,7 @@ static void psc_dnsbl_add_site(const char *site) int weight; HTABLE_INFO *ht; char *parse_err; + const char *safe_dnsbl; /* * Parse the required DNSBL domain name, the optional reply filter and @@ -271,8 +272,9 @@ static void psc_dnsbl_add_site(const char *site) ht = htable_enter(dnsbl_site_cache, saved_site, (void *) head); /* Translate the DNSBL name into a safe name if available. */ if (psc_dnsbl_reply == 0 - || (head->safe_dnsbl = dict_get(psc_dnsbl_reply, saved_site)) == 0) - head->safe_dnsbl = ht->key; + || (safe_dnsbl = dict_get(psc_dnsbl_reply, saved_site)) == 0) + safe_dnsbl = ht->key; + head->safe_dnsbl = mystrdup(safe_dnsbl); if (psc_dnsbl_reply && psc_dnsbl_reply->error) msg_fatal("%s:%s lookup error", psc_dnsbl_reply->type, psc_dnsbl_reply->name); diff --git a/postfix/src/smtp/smtp_proto.c b/postfix/src/smtp/smtp_proto.c index a968ff295..a47861ef5 100644 --- a/postfix/src/smtp/smtp_proto.c +++ b/postfix/src/smtp/smtp_proto.c @@ -1389,17 +1389,17 @@ static void smtp_mime_fail(SMTP_STATE *state, int mime_errs) /* smtp_out_raw_or_mime - output buffer, raw output or MIME-aware */ -static int smtp_out_raw_or_mime(SMTP_STATE *state, VSTRING *buf) +static int smtp_out_raw_or_mime(SMTP_STATE *state, int rec_type, VSTRING *buf) { SMTP_SESSION *session = state->session; int mime_errs; if (session->mime_state == 0) { - smtp_text_out((void *) state, REC_TYPE_NORM, vstring_str(buf), + smtp_text_out((void *) state, rec_type, vstring_str(buf), VSTRING_LEN(buf), (off_t) 0); } else { mime_errs = - mime_state_update(session->mime_state, REC_TYPE_NORM, + mime_state_update(session->mime_state, rec_type, vstring_str(buf), VSTRING_LEN(buf)); if (mime_errs) { smtp_mime_fail(state, mime_errs); @@ -1423,7 +1423,7 @@ static int smtp_out_add_header(SMTP_STATE *state, const char *label, vstring_str(session->scratch2), QUOTE_FLAG_DEFAULT | QUOTE_FLAG_APPEND); vstring_strcat(session->scratch, gt); - return (smtp_out_raw_or_mime(state, session->scratch)); + return (smtp_out_raw_or_mime(state, REC_TYPE_NORM, session->scratch)); } /* smtp_out_add_headers - output additional headers, uses session->scratch* */ @@ -2307,7 +2307,8 @@ static int smtp_loop(SMTP_STATE *state, NOCLOBBER int send_state, while ((rec_type = rec_get(state->src, session->scratch, 0)) > 0) { if (rec_type != REC_TYPE_NORM && rec_type != REC_TYPE_CONT) break; - if (smtp_out_raw_or_mime(state, session->scratch) < 0) + if (smtp_out_raw_or_mime(state, rec_type, + session->scratch) < 0) RETURN(0); prev_type = rec_type; } diff --git a/postfix/src/smtp/smtp_sasl_proto.c b/postfix/src/smtp/smtp_sasl_proto.c index c49e85cab..6a51696ab 100644 --- a/postfix/src/smtp/smtp_sasl_proto.c +++ b/postfix/src/smtp/smtp_sasl_proto.c @@ -102,6 +102,8 @@ static const char *smtp_sasl_compat_mechs(const char *words) if (VSTRING_LEN(buf) > 0) VSTRING_ADDCH(buf, ' '); vstring_strcat(buf, mech); + } else if (smtp_sasl_mechs->error) { + msg_fatal("SASL mechanism filter failed for: '%s'", mech); } } myfree(save_mech); diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index 2059bd5e2..da7227f74 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -5458,7 +5458,8 @@ static void smtpd_proto(SMTPD_STATE *state) * obsolete, so we don't have to provide perfect support. */ #ifdef USE_TLS - if (SMTPD_STAND_ALONE(state) == 0 && var_smtpd_tls_wrappermode) { + if (SMTPD_STAND_ALONE(state) == 0 && var_smtpd_tls_wrappermode + && state->tls_context == 0) { #ifdef USE_TLSPROXY /* We garbage-collect the VSTREAM in smtpd_state_reset() */ state->tlsproxy = diff --git a/postfix/src/util/dict_static.c b/postfix/src/util/dict_static.c index 9141f8661..448dde0c7 100644 --- a/postfix/src/util/dict_static.c +++ b/postfix/src/util/dict_static.c @@ -73,6 +73,8 @@ static void dict_static_close(DICT *dict) if (dict_static->value) myfree(dict_static->value); + if (dict->fold_buf) + vstring_free(dict->fold_buf); dict_free(dict); }