Prereq: "3.2.11" diff -ur --new-file /var/tmp/postfix-3.2.11/src/global/mail_version.h ./src/global/mail_version.h --- /var/tmp/postfix-3.2.11/src/global/mail_version.h 2019-09-21 12:26:12.000000000 -0400 +++ ./src/global/mail_version.h 2020-02-02 15:10:17.000000000 -0500 @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20190921" -#define MAIL_VERSION_NUMBER "3.2.11" +#define MAIL_RELEASE_DATE "20200203" +#define MAIL_VERSION_NUMBER "3.2.12" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -ur --new-file /var/tmp/postfix-3.2.11/HISTORY ./HISTORY --- /var/tmp/postfix-3.2.11/HISTORY 2019-09-21 11:55:47.000000000 -0400 +++ ./HISTORY 2020-02-02 12:42:27.000000000 -0500 @@ -23231,3 +23231,31 @@ Bugfix (introduced: Postfix-2.9.0): null pointer read, while logging a warning after a postscreen_command_filter read error. File: postscreen/postscreen_smtpd.c. + +20191014 + + Bugfix (introduced: Postfix 2.8): don't gratuitously enable + all after-220 tests when only one such test is enabled. + This made selective tests impossible with 'good' clients. + File: postscreen/postscreen_smtpd.c. + +20191214 + + Bugfix (introduced: Postfix 3.1): support for + smtp_dns_resolver_options was broken while adding support + for negative DNS response caching in postscreen. Postfix + was inadvertently changed to call res_query() instead of + res_search(). Reported by Jaroslav Skarvada. File: + dns/dns_lookup.c. + + Bugfix (introduced: Postfix 3.0): sanitize server responses + before storing them in the verify database, to avoid Postfix + warnings about malformed UTF8. File: verify/verify.c. + +20200115 + + Bugfix (introduced: Postfix 2.5): the Milter connect event + macros were evaluated before the Milter connection itself + had been negotiated. Problem reported by David Bürgin. + Files: milter/milter.h, milter/milter.c, milter/milter8.c + diff -ur --new-file /var/tmp/postfix-3.2.11/src/dns/dns_lookup.c ./src/dns/dns_lookup.c --- /var/tmp/postfix-3.2.11/src/dns/dns_lookup.c 2017-12-20 20:53:15.000000000 -0500 +++ ./src/dns/dns_lookup.c 2019-12-15 11:10:40.000000000 -0500 @@ -396,7 +396,7 @@ if (keep_notfound) /* Prepare for returning a null-padded server reply. */ memset(answer, 0, anslen); - len = res_query(name, class, type, answer, anslen); + len = res_search(name, class, type, answer, anslen); /* Begin API creep workaround. */ if (len < 0 && h_errno == 0) { SET_H_ERRNO(TRY_AGAIN); diff -ur --new-file /var/tmp/postfix-3.2.11/src/milter/milter.c ./src/milter/milter.c --- /var/tmp/postfix-3.2.11/src/milter/milter.c 2017-02-21 17:32:57.000000000 -0500 +++ ./src/milter/milter.c 2020-02-02 12:41:58.000000000 -0500 @@ -417,6 +417,8 @@ if (msg_verbose) msg_info("report connect to all milters"); for (resp = 0, m = milters->milter_list; resp == 0 && m != 0; m = m->next) { + if (m->connect_on_demand != 0) + m->connect_on_demand(m); any_macros = MILTER_MACRO_EVAL(global_macros, m, milters, conn_macros); resp = m->conn_event(m, client_name, client_addr, client_port, addr_family, any_macros); diff -ur --new-file /var/tmp/postfix-3.2.11/src/milter/milter.h ./src/milter/milter.h --- /var/tmp/postfix-3.2.11/src/milter/milter.h 2016-06-11 18:17:03.000000000 -0400 +++ ./src/milter/milter.h 2020-02-02 12:41:58.000000000 -0500 @@ -35,6 +35,7 @@ struct MILTER *next; /* linkage */ struct MILTERS *parent; /* parent information */ struct MILTER_MACROS *macros; /* private macros */ + void (*connect_on_demand) (struct MILTER *); const char *(*conn_event) (struct MILTER *, const char *, const char *, const char *, unsigned, ARGV *); const char *(*helo_event) (struct MILTER *, const char *, int, ARGV *); const char *(*mail_event) (struct MILTER *, const char **, ARGV *); diff -ur --new-file /var/tmp/postfix-3.2.11/src/milter/milter8.c ./src/milter/milter8.c --- /var/tmp/postfix-3.2.11/src/milter/milter8.c 2015-01-26 15:04:15.000000000 -0500 +++ ./src/milter/milter8.c 2020-02-02 12:41:58.000000000 -0500 @@ -1916,15 +1916,6 @@ #define STR_NE(x,y) (strcmp((x), (y)) != 0) /* - * XXX Sendmail 8 libmilter closes the MTA-to-filter socket when it finds - * out that the SMTP client has disconnected. Because of this, Postfix - * has to open a new MTA-to-filter socket for each SMTP client. - */ -#ifdef LIBMILTER_AUTO_DISCONNECT - milter8_connect(milter); -#endif - - /* * Report the event. */ switch (milter->state) { @@ -2833,6 +2824,10 @@ /* * Fill in the structure. Note: all strings must be copied. + * + * XXX Sendmail 8 libmilter closes the MTA-to-filter socket when it finds + * out that the SMTP client has disconnected. Because of this, Postfix + * has to open a new MTA-to-filter socket for each SMTP client. */ milter = (MILTER8 *) mymalloc(sizeof(*milter)); milter->m.name = mystrdup(name); @@ -2840,6 +2835,11 @@ milter->m.next = 0; milter->m.parent = parent; milter->m.macros = 0; +#ifdef LIBMILTER_AUTO_DISCONNECT + milter->m.connect_on_demand = (void (*) (struct MILTER *)) milter8_connect; +#else + milter->m.connect_on_demand = 0; +#endif milter->m.conn_event = milter8_conn_event; milter->m.helo_event = milter8_helo_event; milter->m.mail_event = milter8_mail_event; diff -ur --new-file /var/tmp/postfix-3.2.11/src/postscreen/postscreen_smtpd.c ./src/postscreen/postscreen_smtpd.c --- /var/tmp/postfix-3.2.11/src/postscreen/postscreen_smtpd.c 2019-06-30 13:22:50.000000000 -0400 +++ ./src/postscreen/postscreen_smtpd.c 2020-02-02 12:59:49.000000000 -0500 @@ -1128,16 +1128,18 @@ state->read_state = PSC_SMTPD_CMD_ST_ANY; /* - * Opportunistically make postscreen more useful by turning on the - * pipelining and non-SMTP command tests when a pre-handshake test - * failed, or when some deep test is configured as enabled. + * Disable all after-220 tests when we need to hang up immediately after + * reading the first SMTP client command. * - * XXX Make "opportunistically" configurable for each test. + * Opportunistically make postscreen more useful, by turning on all + * after-220 tests when a bad client failed a before-220 test. + * + * Otherwise, only apply the explicitly-configured after-220 tests. */ - if ((state->flags & PSC_STATE_FLAG_SMTPD_X21) == 0) { - state->flags |= PSC_STATE_MASK_SMTPD_TODO; - } else { + if (state->flags & PSC_STATE_FLAG_SMTPD_X21) { state->flags &= ~PSC_STATE_MASK_SMTPD_TODO; + } else if (state->flags & PSC_STATE_MASK_ANY_FAIL) { + state->flags |= PSC_STATE_MASK_SMTPD_TODO; } /* diff -ur --new-file /var/tmp/postfix-3.2.11/src/verify/verify.c ./src/verify/verify.c --- /var/tmp/postfix-3.2.11/src/verify/verify.c 2016-11-05 08:01:03.000000000 -0400 +++ ./src/verify/verify.c 2019-12-14 20:15:53.000000000 -0500 @@ -395,6 +395,7 @@ || STATUS_FROM_RAW_ENTRY(raw_data) != DEL_RCPT_STAT_OK) { probed = 0; updated = (long) time((time_t *) 0); + printable(STR(text), '?'); verify_make_entry(buf, addr_status, probed, updated, STR(text)); if (msg_verbose) msg_info("PUT %s status=%d probed=%ld updated=%ld text=%s",