Prereq: "3.7.2" diff -ur --new-file /var/tmp/postfix-3.7.2/src/global/mail_version.h ./src/global/mail_version.h --- /var/tmp/postfix-3.7.2/src/global/mail_version.h 2022-04-27 19:39:05.000000000 -0400 +++ ./src/global/mail_version.h 2022-10-07 17:02:17.000000000 -0400 @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20220427" -#define MAIL_VERSION_NUMBER "3.7.2" +#define MAIL_RELEASE_DATE "20221007" +#define MAIL_VERSION_NUMBER "3.7.3" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -ur --new-file /var/tmp/postfix-3.7.2/HISTORY ./HISTORY --- /var/tmp/postfix-3.7.2/HISTORY 2022-04-27 19:36:44.000000000 -0400 +++ ./HISTORY 2022-10-07 17:00:33.000000000 -0400 @@ -26354,3 +26354,47 @@ Clang instead of GCC. The result was also "uninteresting" on Linux-based systems that use GCC, or on a few older systems that use GCC. + +20220719 + + Cleanup: Postfix 3.5.0 introduced debug logging noise in + map_search_create(). Files: global/map_search.c. + +20220724 + + Workaround: in a TLS server disable Postfix's 1-element + internal session cache, to work around an OpenSSL 3.0 + regression that broke TLS handshakes. It is rarely useful. + Report by Spil Oss, fix by Viktor Dukhovni. File: + tls/tls_server.c. + +20220905 + + Cleanup: Postfix 3.3.0 introduced an uninitialized + verify_append() request status in case of a null original + recipient address. File: global/verify.c. + +20220906 + + Cleanup: Postfix 3.7.1 introduced a missing msg_panic() + argument (in code that never executes). File: + cleanup/cleanup_milter.c. + +20221006 + + Bugfix (introduced: Postfix 3.7.0). A message could falsely + be flagged as corrupt with "warning: Unexpected record type + 'X'". Such messages were moved to the "corrupt" queue directory, + where they may still be found. See below for instructions to + deal with these falsely flagged messages. + + This could happen for messages with 5000 or more recipients, + or with fewer recipients on a busy mail server. Problem + reported by Frank Brendel, reproduced by John Alex. Files: + qmgr/qmgr_message.c, oqmgr/qmgr_message.c. + + A file in the "corrupt" queue directory may be inspected + with the command "postcat /var/spool/postfix/corrupt/. + If delivery of the file is still desired, the file can be + moved back to /var/spool/postfix/incoming after updating + Postfix and executing "postfix reload". diff -ur --new-file /var/tmp/postfix-3.7.2/RELEASE_NOTES ./RELEASE_NOTES --- /var/tmp/postfix-3.7.2/RELEASE_NOTES 2022-02-05 11:02:48.000000000 -0500 +++ ./RELEASE_NOTES 2022-10-07 18:42:46.000000000 -0400 @@ -25,6 +25,26 @@ the software under the license of their choice. Those who are more comfortable with the IPL can continue with that license. +Bugfix for messages not delivered after "warning: Unexpected record type 'X' +============================================================================ + +Due to a bug introduced in Postfix 3.7.0, a message could falsely +be flagged as corrupt with "warning: Unexpected record type 'X'". + +Such messages were moved to the "corrupt" queue directory, where +they may still be found. See below for instructions to deal with +these falsely flagged messages. + +This could happen for messages with 5000 or more recipients, or +with fewer recipients on a busy mail server. The problem was first +reported by Frank Brendel, reproduced by John Alex. + +A file in the "corrupt" queue directory may be inspected with the +command "postcat /var/spool/postfix/corrupt/. If delivery +of the file is still desired, the file can be moved back to +/var/spool/postfix/incoming after updating Postfix and executing +"postfix reload". + Major changes - configuration ----------------------------- diff -ur --new-file /var/tmp/postfix-3.7.2/src/cleanup/cleanup_milter.c ./src/cleanup/cleanup_milter.c --- /var/tmp/postfix-3.7.2/src/cleanup/cleanup_milter.c 2022-04-17 17:57:47.000000000 -0400 +++ ./src/cleanup/cleanup_milter.c 2022-09-06 15:42:02.000000000 -0400 @@ -530,7 +530,7 @@ msg_panic("%s: %s is empty", myname, VAR_MILT_HEAD_CHECKS); if (cleanup_milter_hbc_checks) - msg_panic("%s: cleanup_milter_hbc_checks is not null"); + msg_panic("%s: cleanup_milter_hbc_checks is not null", myname); cleanup_milter_hbc_checks = hbc_header_checks_create(VAR_MILT_HEAD_CHECKS, var_milt_head_checks, NO_MIME_HDR_NAME, NO_MIME_HDR_VALUE, @@ -538,7 +538,7 @@ &call_backs); if (cleanup_milter_hbc_reply) - msg_panic("%s: cleanup_milter_hbc_reply is not null"); + msg_panic("%s: cleanup_milter_hbc_reply is not null", myname); cleanup_milter_hbc_reply = vstring_alloc(100); } diff -ur --new-file /var/tmp/postfix-3.7.2/src/global/map_search.c ./src/global/map_search.c --- /var/tmp/postfix-3.7.2/src/global/map_search.c 2020-03-08 10:51:31.000000000 -0400 +++ ./src/global/map_search.c 2022-10-07 14:17:09.000000000 -0400 @@ -188,7 +188,6 @@ MAP_SEARCH_CREATE_RETURN(0); } } - msg_info("split_nameval(\"%s\"", attr_name_val); if ((const_err = split_nameval(attr_name_val, &attr_name, &attr_value)) != 0) { msg_warn("malformed map attribute in '%s': '%s'", diff -ur --new-file /var/tmp/postfix-3.7.2/src/global/verify.c ./src/global/verify.c --- /var/tmp/postfix-3.7.2/src/global/verify.c 2021-12-19 09:46:14.000000000 -0500 +++ ./src/global/verify.c 2022-10-07 14:30:36.000000000 -0400 @@ -108,6 +108,8 @@ if (recipient->orig_addr[0]) req_stat = verify_clnt_update(recipient->orig_addr, vrfy_stat, my_dsn.reason); + else + req_stat = VRFY_STAT_OK; /* Two verify updates for one verify request! */ if (req_stat == VRFY_STAT_OK && strcmp(recipient->address, recipient->orig_addr) != 0) diff -ur --new-file /var/tmp/postfix-3.7.2/src/oqmgr/qmgr_message.c ./src/oqmgr/qmgr_message.c --- /var/tmp/postfix-3.7.2/src/oqmgr/qmgr_message.c 2021-11-13 09:56:41.000000000 -0500 +++ ./src/oqmgr/qmgr_message.c 2022-10-06 18:29:44.000000000 -0400 @@ -465,9 +465,15 @@ message->rflags |= QMGR_READ_FLAG_SEEN_ALL_NON_RCPT; break; } - /* Examine non-recipient records in extracted segment. */ - if (vstream_fseek(message->fp, message->data_offset - + message->data_size, SEEK_SET) < 0) + + /* + * Examine non-recipient records in the extracted + * segment. Note that this skips to the message start + * record, because the handler for that record changes + * the expectations for allowed record types. + */ + if (vstream_fseek(message->fp, message->data_offset, + SEEK_SET) < 0) msg_fatal("seek file %s: %m", VSTREAM_PATH(message->fp)); continue; } diff -ur --new-file /var/tmp/postfix-3.7.2/src/qmgr/qmgr_message.c ./src/qmgr/qmgr_message.c --- /var/tmp/postfix-3.7.2/src/qmgr/qmgr_message.c 2021-11-13 09:57:06.000000000 -0500 +++ ./src/qmgr/qmgr_message.c 2022-10-06 18:28:33.000000000 -0400 @@ -505,9 +505,15 @@ message->rflags |= QMGR_READ_FLAG_SEEN_ALL_NON_RCPT; break; } - /* Examine non-recipient records in extracted segment. */ - if (vstream_fseek(message->fp, message->data_offset - + message->data_size, SEEK_SET) < 0) + + /* + * Examine non-recipient records in the extracted + * segment. Note that this skips to the message start + * record, because the handler for that record changes + * the expectations for allowed record types. + */ + if (vstream_fseek(message->fp, message->data_offset, + SEEK_SET) < 0) msg_fatal("seek file %s: %m", VSTREAM_PATH(message->fp)); continue; } diff -ur --new-file /var/tmp/postfix-3.7.2/src/tls/tls_server.c ./src/tls/tls_server.c --- /var/tmp/postfix-3.7.2/src/tls/tls_server.c 2021-12-19 10:00:25.000000000 -0500 +++ ./src/tls/tls_server.c 2022-10-07 15:48:11.000000000 -0400 @@ -751,6 +751,7 @@ sizeof(server_session_id_context)); SSL_CTX_set_session_cache_mode(server_ctx, SSL_SESS_CACHE_SERVER | + SSL_SESS_CACHE_NO_INTERNAL | SSL_SESS_CACHE_NO_AUTO_CLEAR); if (cachable) { app_ctx->cache_type = mystrdup(props->cache_type);