Prereq: "3.8.6" diff -ur --new-file /var/tmp/postfix-3.8.6/src/global/mail_version.h ./src/global/mail_version.h --- /var/tmp/postfix-3.8.6/src/global/mail_version.h 2024-03-04 11:51:28.000000000 -0500 +++ ./src/global/mail_version.h 2024-12-04 14:42:52.000000000 -0500 @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20240304" -#define MAIL_VERSION_NUMBER "3.8.6" +#define MAIL_RELEASE_DATE "20241204" +#define MAIL_VERSION_NUMBER "3.8.7" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -ur --new-file /var/tmp/postfix-3.8.6/HISTORY ./HISTORY --- /var/tmp/postfix-3.8.6/HISTORY 2024-02-27 16:00:12.000000000 -0500 +++ ./HISTORY 2024-12-04 14:42:26.000000000 -0500 @@ -27326,3 +27326,46 @@ restrictions. Files: dns/dns.h, dns/dns_lookup.c, dns/dns_rr.c, dns/test_dns_lookup.c, posttls-finger/posttls-finger.c, smtp/smtp_addr.c, smtpd/smtpd_check.c. + +20240930 + + Bugfix (defect introduced: Postfix 2.9, date 20111218): + with "smtpd_sasl_auth_enable = no", info received with + XCLIENT LOGIN was ignored by permit_sasl_authenticated. + The fix was to remove a test and to rely solely on the + sasl_mechanism property which is null when a remote SMTP + client is not authenticated. File: src/smtpd/smtpd_check.c. + +20241021 + + Bugfix (defect introduced: postfix 3.0): the default master.cf + syslog_name setting for the relay service did not preserve + multi-instance information. File: conf/master.cf. + +20241027 + + Bugfix (defect introduced: Postfix 2.3, date 20051222): + file descriptor leak after failure to connect to a Dovecot + auth server. The impact is limited because there are limits + on the number of retries (one), on the number of errors per + SMTP session (smtpd_hard_error_limit), on the number of + sessions per SMTP server process (max_use), and on the + number file handles per process (managed with sysctl). + File: xsasl/xsasl_dovecot_server.c. + +20241122 + + Bugfix (defect introduced: Postfix 3.4, date 20190121): the + postsuper command failed with "open logfile 'xxx': Permission + denied" when the maillog_file parameter specified a filename + and Postfix was not running. This was fixed by opening the + maillog_file before dropping root privileges. Files: + util/msg_logger.c, global/maillog_client.c. + +20241201 + + Bugfix (defect introduced Postfix 3.0). Missing UTF8 + autodetection for headers that are automatically generated + by Postfix (for example, a From: header with UTF8 full name + information from the password file). Reported by Michael + Tokarev. File: src/cleanup/cleanup_message.c. diff -ur --new-file /var/tmp/postfix-3.8.6/conf/master.cf ./conf/master.cf --- /var/tmp/postfix-3.8.6/conf/master.cf 2022-10-23 12:52:38.000000000 -0400 +++ ./conf/master.cf 2024-12-04 14:40:13.000000000 -0500 @@ -67,7 +67,7 @@ proxywrite unix - - n - 1 proxymap smtp unix - - n - - smtp relay unix - - n - - smtp - -o syslog_name=postfix/$service_name + -o syslog_name=${multi_instance_name?{$multi_instance_name}:{postfix}}/$service_name # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - n - - showq error unix - - n - - error diff -ur --new-file /var/tmp/postfix-3.8.6/src/cleanup/cleanup_message.c ./src/cleanup/cleanup_message.c --- /var/tmp/postfix-3.8.6/src/cleanup/cleanup_message.c 2024-01-18 18:39:04.000000000 -0500 +++ ./src/cleanup/cleanup_message.c 2024-12-04 14:40:13.000000000 -0500 @@ -723,8 +723,9 @@ vstring_sprintf(state->temp1, "%s.%s@%s", time_stamp, state->queue_id, var_myhostname); } - cleanup_out_format(state, REC_TYPE_NORM, "%sMessage-Id: <%s>", - state->resent, vstring_str(state->temp1)); + vstring_sprintf(state->temp2, "%sMessage-Id: <%s>", + state->resent, vstring_str(state->temp1)); + cleanup_out_header(state, state->temp2); msg_info("%s: %smessage-id=<%s>", state->queue_id, *state->resent ? "resent-" : "", vstring_str(state->temp1)); @@ -741,8 +742,9 @@ if ((state->hdr_rewrite_context || var_always_add_hdrs) && (state->headers_seen & (1 << (state->resent[0] ? HDR_RESENT_DATE : HDR_DATE))) == 0) { - cleanup_out_format(state, REC_TYPE_NORM, "%sDate: %s", + vstring_sprintf(state->temp2, "%sDate: %s", state->resent, mail_date(state->arrival_time.tv_sec)); + cleanup_out_header(state, state->temp2); } /* @@ -805,7 +807,7 @@ vstring_sprintf(state->temp2, "%sFrom: %s", state->resent, vstring_str(state->temp1)); } - CLEANUP_OUT_BUF(state, REC_TYPE_NORM, state->temp2); + cleanup_out_header(state, state->temp2); } /* diff -ur --new-file /var/tmp/postfix-3.8.6/src/global/maillog_client.c ./src/global/maillog_client.c --- /var/tmp/postfix-3.8.6/src/global/maillog_client.c 2021-04-04 10:58:40.000000000 -0400 +++ ./src/global/maillog_client.c 2024-12-04 14:40:13.000000000 -0500 @@ -120,6 +120,7 @@ static void maillog_client_logwriter_fallback(const char *text) { static int fallback_guard = 0; + static VSTREAM *fp; /* * Guard against recursive calls. @@ -129,10 +130,20 @@ * logfile. All we can do is to hope that stderr logging will bring out * the bad news. */ - if (fallback_guard == 0 && var_maillog_file && *var_maillog_file - && logwriter_one_shot(var_maillog_file, text, strlen(text)) < 0) { - fallback_guard = 1; - msg_fatal("logfile '%s' write error: %m", var_maillog_file); + if (fallback_guard++ == 0 && var_maillog_file && *var_maillog_file) { + if (text == 0 && fp != 0) { + (void) vstream_fclose(fp); + fp = 0; + } + if (fp == 0) { + fp = logwriter_open_or_die(var_maillog_file); + close_on_exec(vstream_fileno(fp), CLOSE_ON_EXEC); + } + if (text && (logwriter_write(fp, text, strlen(text)) != 0 || + vstream_fflush(fp) != 0)) { + msg_fatal("logfile '%s' write error: %m", var_maillog_file); + } + fallback_guard = 0; } } diff -ur --new-file /var/tmp/postfix-3.8.6/src/smtpd/smtpd_check.c ./src/smtpd/smtpd_check.c --- /var/tmp/postfix-3.8.6/src/smtpd/smtpd_check.c 2024-02-27 11:14:58.000000000 -0500 +++ ./src/smtpd/smtpd_check.c 2024-12-04 14:40:13.000000000 -0500 @@ -4671,13 +4671,11 @@ cpp[1], CHECK_RELAY_DOMAINS); } else if (strcasecmp(name, PERMIT_SASL_AUTH) == 0) { #ifdef USE_SASL_AUTH - if (smtpd_sasl_is_active(state)) { - status = permit_sasl_auth(state, - SMTPD_CHECK_OK, SMTPD_CHECK_DUNNO); - if (status == SMTPD_CHECK_OK) - status = smtpd_acl_permit(state, name, SMTPD_NAME_CLIENT, - state->namaddr, NO_PRINT_ARGS); - } + status = permit_sasl_auth(state, + SMTPD_CHECK_OK, SMTPD_CHECK_DUNNO); + if (status == SMTPD_CHECK_OK) + status = smtpd_acl_permit(state, name, SMTPD_NAME_CLIENT, + state->namaddr, NO_PRINT_ARGS); #endif } else if (strcasecmp(name, PERMIT_TLS_ALL_CLIENTCERTS) == 0) { status = permit_tls_clientcerts(state, 1); diff -ur --new-file /var/tmp/postfix-3.8.6/src/util/msg_logger.c ./src/util/msg_logger.c --- /var/tmp/postfix-3.8.6/src/util/msg_logger.c 2020-05-03 18:19:27.000000000 -0400 +++ ./src/util/msg_logger.c 2024-12-04 14:40:13.000000000 -0500 @@ -59,6 +59,9 @@ /* Override the fallback setting (see above) with the specified /* function pointer. This remains in effect until the next /* msg_logger_init() or msg_logger_control() call. +/* When the function is called with a null argument, it should +/* allocate resources immediately. This is needed in programs +/* that drop privileges after process initialization. /* .IP CA_MSG_LOGGER_CTL_DISABLE /* Disable the msg_logger. This remains in effect until the /* next msg_logger_init() call. @@ -320,6 +323,9 @@ msg_logger_disconnect(); if (MSG_LOGGER_NEED_SOCKET()) msg_logger_connect(); + if (msg_logger_sock == MSG_LOGGER_SOCK_NONE + && msg_logger_fallback_fn) + msg_logger_fallback_fn((char *) 0); break; default: msg_panic("%s: bad name %d", myname, name); diff -ur --new-file /var/tmp/postfix-3.8.6/src/xsasl/xsasl_dovecot_server.c ./src/xsasl/xsasl_dovecot_server.c --- /var/tmp/postfix-3.8.6/src/xsasl/xsasl_dovecot_server.c 2024-02-27 10:55:17.000000000 -0500 +++ ./src/xsasl/xsasl_dovecot_server.c 2024-12-04 14:40:13.000000000 -0500 @@ -297,6 +297,7 @@ (unsigned int) getpid()); if (vstream_fflush(sasl_stream) == VSTREAM_EOF) { msg_warn("SASL: Couldn't send handshake: %m"); + (void) vstream_fclose(sasl_stream); return (-1); } success = 0;