Prereq: "3.2.19" diff -ur --new-file /var/tmp/postfix-3.2.19/src/global/mail_version.h ./src/global/mail_version.h --- /var/tmp/postfix-3.2.19/src/global/mail_version.h 2020-07-26 14:11:20.000000000 -0400 +++ ./src/global/mail_version.h 2020-11-07 16:33:34.000000000 -0500 @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20200726" -#define MAIL_VERSION_NUMBER "3.2.19" +#define MAIL_RELEASE_DATE "20201107" +#define MAIL_VERSION_NUMBER "3.2.20" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -ur --new-file /var/tmp/postfix-3.2.19/HISTORY ./HISTORY --- /var/tmp/postfix-3.2.19/HISTORY 2020-07-26 14:33:48.000000000 -0400 +++ ./HISTORY 2020-11-04 18:05:59.000000000 -0500 @@ -23366,3 +23366,43 @@ Bugfix (introduced: Postfix 3.3.13): part of a memory leak fix was backported to the wrong place. File: tls/tls_misc.c. + +20200830 + + Bugfix (introduced: Postfix 2.0): smtp_sasl_mechanism_filter + ignored table lookup errors, treating them as 'not found'. + Found during Postfix 3.6 development. File: smtp/smtp_sasl_proto.c. + +202000920 + + Bugfix (introduced: Postfix 2.3): when deleting a recipient + with a milter, delete the recipient from the duplicate + filter, so that the recipient can be added back. Backported + from Postfix 3.6. Files: global/been_here.[hc], + cleanup/cleanup_milter.c. + +20200925 + + Bugfix (introduced: before Postfix alpha): the code that + looks for Delivered-To: headers ignored headers longer than + $line_length_limit. Backported from Postfix 3.6. File: + global/delivered_hdr.c. + +20201011 + + Bugfix (introduced: Postfix 2.8): save a copy of the + postscreen_dnsbl_reply_map lookup result. This has no effect + when the recommended texthash: look table is used, but it + may avoid stale data with other lookup tables. File: + postscreen/postscreen_dnsbl.c. + +20201022 + + Bugfix (introduced: Postfix 2.2): after processing an + XCCLIENT command, the smtps service was waiting for a TLS + handshake. Found by Aki Tuomi. File: smtpd/smtpd.c. + +20201025 + + Bugfix (introduced: Postfix 2.3): static maps did not free + their casefolding buffer. File: util/dict_static.c. diff -ur --new-file /var/tmp/postfix-3.2.19/src/cleanup/cleanup_milter.c ./src/cleanup/cleanup_milter.c --- /var/tmp/postfix-3.2.19/src/cleanup/cleanup_milter.c 2017-02-18 20:58:20.000000000 -0500 +++ ./src/cleanup/cleanup_milter.c 2020-11-04 17:55:58.000000000 -0500 @@ -1742,6 +1742,10 @@ } count++; } + if (var_enable_orcpt) + been_here_drop(state->dups, "%s\n%d\n%s\n%s", + dsn_orcpt ? dsn_orcpt : "", dsn_notify, + orig_rcpt ? orig_rcpt : "", STR(int_rcpt_buf)); /* FALLTHROUGH */ case REC_TYPE_DRCP: /* canceled recipient */ case REC_TYPE_DONE: /* can't happen */ @@ -1757,6 +1761,8 @@ break; } } + if (var_enable_orcpt == 0 && count > 0) + been_here_drop_fixed(state->dups, STR(int_rcpt_buf)); if (msg_verbose) msg_info("%s: deleted %d records for recipient \"%s\"", diff -ur --new-file /var/tmp/postfix-3.2.19/src/global/been_here.c ./src/global/been_here.c --- /var/tmp/postfix-3.2.19/src/global/been_here.c 2015-01-27 14:13:22.000000000 -0500 +++ ./src/global/been_here.c 2020-11-04 17:55:58.000000000 -0500 @@ -26,6 +26,14 @@ /* BH_TABLE *dup_filter; /* char *format; /* +/* int been_here_drop_fixed(dup_filter, string) +/* BH_TABLE *dup_filter; +/* char *string; +/* +/* int been_here_drop(dup_filter, format, ...) +/* BH_TABLE *dup_filter; +/* char *format; +/* /* void been_here_free(dup_filter) /* BH_TABLE *dup_filter; /* DESCRIPTION @@ -46,6 +54,16 @@ /* been_here_check_fixed() and been_here_check() are similar /* but do not update the duplicate filter. /* +/* been_here_drop_fixed() looks up a fixed string in the given +/* table, and deletes the entry if the string was found. The +/* result is non-zero (true) if the string was found, zero +/* (false) otherwise. +/* +/* been_here_drop() formats its arguments, looks up the result +/* in the given table, and removes the entry if the formatted +/* result was found. The result is non-zero (true) if the +/* formatted result was found, zero (false) otherwise. +/* /* been_here_free() releases storage for a duplicate filter. /* /* Arguments: @@ -249,3 +267,64 @@ return (status); } + +/* been_here_drop - remove filter entry with finer control */ + +int been_here_drop(BH_TABLE *dup_filter, const char *fmt,...) +{ + VSTRING *buf = vstring_alloc(100); + int status; + va_list ap; + + /* + * Construct the string to be dropped. + */ + va_start(ap, fmt); + vstring_vsprintf(buf, fmt, ap); + va_end(ap); + + /* + * Drop the filter entry. + */ + status = been_here_drop_fixed(dup_filter, vstring_str(buf)); + + /* + * Cleanup. + */ + vstring_free(buf); + return (status); +} + +/* been_here_drop_fixed - remove filter entry */ + +int been_here_drop_fixed(BH_TABLE *dup_filter, const char *string) +{ + VSTRING *folded_string; + const char *lookup_key; + int status; + + /* + * Special processing: case insensitive lookup. + */ + if (dup_filter->flags & BH_FLAG_FOLD) { + folded_string = vstring_alloc(100); + lookup_key = casefold(folded_string, string); + } else { + folded_string = 0; + lookup_key = string; + } + + /* + * Drop the filter entry. + */ + if ((status = been_here_check_fixed(dup_filter, lookup_key)) != 0) + htable_delete(dup_filter->table, lookup_key, (void (*) (void *)) 0); + + /* + * Cleanup. + */ + if (folded_string) + vstring_free(folded_string); + + return (status); +} diff -ur --new-file /var/tmp/postfix-3.2.19/src/global/been_here.h ./src/global/been_here.h --- /var/tmp/postfix-3.2.19/src/global/been_here.h 2000-07-15 13:47:42.000000000 -0400 +++ ./src/global/been_here.h 2020-11-04 17:55:58.000000000 -0500 @@ -34,6 +34,8 @@ extern int PRINTFLIKE(2, 3) been_here(BH_TABLE *, const char *,...); extern int been_here_check_fixed(BH_TABLE *, const char *); extern int PRINTFLIKE(2, 3) been_here_check(BH_TABLE *, const char *,...); +extern int been_here_drop_fixed(BH_TABLE *, const char *); +extern int PRINTFLIKE(2, 3) been_here_drop(BH_TABLE *, const char *,...); /* LICENSE /* .ad diff -ur --new-file /var/tmp/postfix-3.2.19/src/global/delivered_hdr.c ./src/global/delivered_hdr.c --- /var/tmp/postfix-3.2.19/src/global/delivered_hdr.c 2015-01-27 10:22:33.000000000 -0500 +++ ./src/global/delivered_hdr.c 2020-11-04 17:55:58.000000000 -0500 @@ -115,6 +115,8 @@ char *cp; DELIVERED_HDR_INFO *info; const HEADER_OPTS *hdr; + int curr_type; + int prev_type; /* * Sanity check. @@ -130,15 +132,20 @@ /* * XXX Assume that mail_copy() produces delivered-to headers that fit in - * a REC_TYPE_NORM record. Lowercase the delivered-to addresses for - * consistency. + * a REC_TYPE_NORM or REC_TYPE_CONT record. Lowercase the delivered-to + * addresses for consistency. * * XXX Don't get bogged down by gazillions of delivered-to headers. */ #define DELIVERED_HDR_LIMIT 1000 - while (rec_get(fp, info->buf, 0) == REC_TYPE_NORM - && info->table->used < DELIVERED_HDR_LIMIT) { + for (prev_type = REC_TYPE_NORM; + info->table->used < DELIVERED_HDR_LIMIT + && ((curr_type = rec_get(fp, info->buf, 0)) == REC_TYPE_NORM + || curr_type == REC_TYPE_CONT); + prev_type = curr_type) { + if (prev_type != REC_TYPE_NORM) + continue; if (is_header(STR(info->buf))) { if ((hdr = header_opts_find(STR(info->buf))) != 0 && hdr->type == HDR_DELIVERED_TO) { diff -ur --new-file /var/tmp/postfix-3.2.19/src/postscreen/postscreen_dnsbl.c ./src/postscreen/postscreen_dnsbl.c --- /var/tmp/postfix-3.2.19/src/postscreen/postscreen_dnsbl.c 2017-02-18 20:58:20.000000000 -0500 +++ ./src/postscreen/postscreen_dnsbl.c 2020-11-04 17:55:58.000000000 -0500 @@ -231,6 +231,7 @@ int weight; HTABLE_INFO *ht; char *parse_err; + const char *safe_dnsbl; /* * Parse the required DNSBL domain name, the optional reply filter and @@ -271,8 +272,9 @@ ht = htable_enter(dnsbl_site_cache, saved_site, (void *) head); /* Translate the DNSBL name into a safe name if available. */ if (psc_dnsbl_reply == 0 - || (head->safe_dnsbl = dict_get(psc_dnsbl_reply, saved_site)) == 0) - head->safe_dnsbl = ht->key; + || (safe_dnsbl = dict_get(psc_dnsbl_reply, saved_site)) == 0) + safe_dnsbl = ht->key; + head->safe_dnsbl = mystrdup(safe_dnsbl); if (psc_dnsbl_reply && psc_dnsbl_reply->error) msg_fatal("%s:%s lookup error", psc_dnsbl_reply->type, psc_dnsbl_reply->name); diff -ur --new-file /var/tmp/postfix-3.2.19/src/smtp/smtp_sasl_proto.c ./src/smtp/smtp_sasl_proto.c --- /var/tmp/postfix-3.2.19/src/smtp/smtp_sasl_proto.c 2014-12-12 14:33:27.000000000 -0500 +++ ./src/smtp/smtp_sasl_proto.c 2020-11-04 18:51:02.000000000 -0500 @@ -102,6 +102,8 @@ if (VSTRING_LEN(buf) > 0) VSTRING_ADDCH(buf, ' '); vstring_strcat(buf, mech); + } else if (smtp_sasl_mechs->error) { + msg_fatal("SASL mechanism filter failed for: '%s'", mech); } } myfree(save_mech); diff -ur --new-file /var/tmp/postfix-3.2.19/src/smtpd/smtpd.c ./src/smtpd/smtpd.c --- /var/tmp/postfix-3.2.19/src/smtpd/smtpd.c 2020-03-12 11:02:29.000000000 -0400 +++ ./src/smtpd/smtpd.c 2020-11-04 17:55:58.000000000 -0500 @@ -5018,7 +5018,8 @@ * obsolete, so we don't have to provide perfect support. */ #ifdef USE_TLS - if (SMTPD_STAND_ALONE(state) == 0 && var_smtpd_tls_wrappermode) { + if (SMTPD_STAND_ALONE(state) == 0 && var_smtpd_tls_wrappermode + && state->tls_context == 0) { #ifdef USE_TLSPROXY /* We garbage-collect the VSTREAM in smtpd_state_reset() */ state->tlsproxy = tls_proxy_open(var_tlsproxy_service, diff -ur --new-file /var/tmp/postfix-3.2.19/src/util/dict_static.c ./src/util/dict_static.c --- /var/tmp/postfix-3.2.19/src/util/dict_static.c 2014-12-11 14:02:29.000000000 -0500 +++ ./src/util/dict_static.c 2020-11-04 17:55:58.000000000 -0500 @@ -52,6 +52,8 @@ static void dict_static_close(DICT *dict) { + if (dict->fold_buf) + vstring_free(dict->fold_buf); dict_free(dict); }