From: Wietse Venema <wietse@porcupine.org>
Date: Sun, 24 Jul 2022 05:00:00 +0000 (-0500)
Subject: postfix-3.8-20220724
X-Git-Tag: v3.8.0-RC1~20
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ae9d7a6a631f4b164702a55c7674c50afc610f75;p=thirdparty%2Fpostfix.git

postfix-3.8-20220724
---

diff --git a/postfix/HISTORY b/postfix/HISTORY
index b7605b394..443cb2ab2 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -26533,3 +26533,32 @@ Apologies for any names omitted.
 
 	Documentation: edit text for clarity. File:
 	proto/MILTER_README.html.
+
+20220529
+
+	Documentation: Cyrus SASL configuration file location.
+	Viktor Dukhovni. File: proto/SASL_README.html.
+
+20220617
+
+	Cleanup: missing <stdio.h> include was causing a warning
+	on some platform. posttls-finger/posttls-finger.c.
+
+20220620
+
+	Documentation: inet_interfaces and proxy_interfaces
+	descriptions. File: proto/postconf.proto.
+
+
+20220719
+
+	Cleanup: debug logging noise in map_search_create(). Files:
+	global/map_search.c, global/map_search.ref.
+
+20220724
+
+	Workaround: in a TLS server disable Postfix's 1-element
+	internal session cache, to work around an OpenSSL 3.0
+	regression that broke TLS handshakes. It is rarely useful.
+	Report by Spil Oss, fix by Viktor Dukhovni. File:
+	tls/tls_server.c.
diff --git a/postfix/README_FILES/SASL_README b/postfix/README_FILES/SASL_README
index 94a377eab..e5eabc57a 100644
--- a/postfix/README_FILES/SASL_README
+++ b/postfix/README_FILES/SASL_README
@@ -174,9 +174,17 @@ You can read more about the following topics:
 
   * Cyrus SASL version 2.1.22 and newer additionally search in /etc/sasl2/.
 
-  * Some Postfix distributions are modified and look for the Cyrus SASL
-    configuration file in /etc/postfix/sasl/, /var/lib/sasl2/ etc. See the
-    distribution-specific documentation to determine the expected location.
+  * li>
+    With Postfix 2.5 and later you can explicitly configure the search path via
+    the cyrus_sasl_config_path configuration parameter. Specify zero or more
+    colon-separated directories. If set empty (the default value) the search
+    path is the one compiled into the Cyrus SASL library.
+
+Some Postfix distributions employ a non-empty default value for
+cyrus_sasl_config_path to look for the Cyrus SASL configuration file in /etc/
+postfix/sasl/, /var/lib/sasl2/ etc. See the output of postconf
+cyrus_sasl_config_path and/or the distribution-specific documentation to
+determine the expected location.
 
     NNoottee
 
diff --git a/postfix/WISHLIST b/postfix/WISHLIST
index 79b1da7d6..12e8b031e 100644
--- a/postfix/WISHLIST
+++ b/postfix/WISHLIST
@@ -11,6 +11,8 @@ Wish list:
 
 	Enforce var_line_limit in util/attr_scan*c.
 
+	Investigate clang-format compatibility compared to indent.
+
 	Can tests use LD_PRELOAD to inject fake modules such as
 	fake_dns(3), fake_msg(3), fake_myaddrinfo(3) and so on?
 	One limitation is that functions etc. in a preloaded object
diff --git a/postfix/html/SASL_README.html b/postfix/html/SASL_README.html
index eeaad4446..6520a6966 100644
--- a/postfix/html/SASL_README.html
+++ b/postfix/html/SASL_README.html
@@ -267,9 +267,17 @@ in <code>/usr/lib/sasl2/</code>. </p> </li>
 <li> <p> Cyrus SASL version 2.1.22 and newer additionally search
 in <code>/etc/sasl2/</code>. </p> </li>
 
-<li> <p> Some Postfix distributions are modified and look for the
-Cyrus SASL configuration file in <code>/etc/postfix/sasl/</code>,
-<code>/var/lib/sasl2/</code> etc. See the distribution-specific
+li> <p> With Postfix 2.5 and later you can explicitly configure the
+search path via the <code><a href="postconf.5.html#cyrus_sasl_config_path">cyrus_sasl_config_path</a></code> configuration
+parameter. Specify zero or more colon-separated directories. If
+set empty (the default value) the search path is the one compiled
+into the Cyrus SASL library. </p> </li>
+
+<li> <p> Some Postfix distributions employ a non-empty default value
+for <code><a href="postconf.5.html#cyrus_sasl_config_path">cyrus_sasl_config_path</a></code> to look for the Cyrus SASL
+configuration file in <code>/etc/postfix/sasl/</code>,
+<code>/var/lib/sasl2/</code> etc. See the output of <code>postconf
+<a href="postconf.5.html#cyrus_sasl_config_path">cyrus_sasl_config_path</a></code> and/or the distribution-specific
 documentation to determine the expected location. </p> </li>
 
 </ul>
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index d524d840f..4d9b705fe 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -4094,7 +4094,7 @@ Specify 0 to disable the feature. Valid delays are 0..10.
 <DT><b><a name="inet_interfaces">inet_interfaces</a>
 (default: all)</b></DT><DD>
 
-<p> The network interface addresses that this mail system receives
+<p> The local network interface addresses that this mail system receives
 mail on. Specify "all" to receive mail on all network
 interfaces (default), and "loopback-only" to receive mail
 on loopback network interfaces only (Postfix version 2.2 and later).  The
@@ -9237,7 +9237,7 @@ Examples:
 (default: empty)</b></DT><DD>
 
 <p>
-The network interface addresses that this mail system receives mail
+The remote network interface addresses that this mail system receives mail
 on by way of a proxy or network address translation unit.
 </p>
 
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index c579e1cba..1bdbc9cef 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -2589,7 +2589,7 @@ number of messages delivered per second.
 .PP
 Specify 0 to disable the feature. Valid delays are 0..10.
 .SH inet_interfaces (default: all)
-The network interface addresses that this mail system receives
+The local network interface addresses that this mail system receives
 mail on. Specify "all" to receive mail on all network
 interfaces (default), and "loopback\-only" to receive mail
 on loopback network interfaces only (Postfix version 2.2 and later).  The
@@ -5835,7 +5835,7 @@ propagate_unmatched_extensions = canonical, virtual
 .ad
 .ft R
 .SH proxy_interfaces (default: empty)
-The network interface addresses that this mail system receives mail
+The remote network interface addresses that this mail system receives mail
 on by way of a proxy or network address translation unit.
 .PP
 This feature is available in Postfix 2.0 and later.
diff --git a/postfix/proto/SASL_README.html b/postfix/proto/SASL_README.html
index c70d24233..c3aaad7bd 100644
--- a/postfix/proto/SASL_README.html
+++ b/postfix/proto/SASL_README.html
@@ -267,9 +267,17 @@ in <code>/usr/lib/sasl2/</code>. </p> </li>
 <li> <p> Cyrus SASL version 2.1.22 and newer additionally search
 in <code>/etc/sasl2/</code>. </p> </li>
 
-<li> <p> Some Postfix distributions are modified and look for the
-Cyrus SASL configuration file in <code>/etc/postfix/sasl/</code>,
-<code>/var/lib/sasl2/</code> etc. See the distribution-specific
+li> <p> With Postfix 2.5 and later you can explicitly configure the
+search path via the <code>cyrus_sasl_config_path</code> configuration
+parameter. Specify zero or more colon-separated directories. If
+set empty (the default value) the search path is the one compiled
+into the Cyrus SASL library. </p> </li>
+
+<li> <p> Some Postfix distributions employ a non-empty default value
+for <code>cyrus_sasl_config_path</code> to look for the Cyrus SASL
+configuration file in <code>/etc/postfix/sasl/</code>,
+<code>/var/lib/sasl2/</code> etc. See the output of <code>postconf
+cyrus_sasl_config_path</code> and/or the distribution-specific
 documentation to determine the expected location. </p> </li>
 
 </ul>
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index a2160d9cf..76919f0ca 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -1996,7 +1996,7 @@ Specify 0 to disable the feature. Valid delays are 0..10.
 
 %PARAM inet_interfaces all
 
-<p> The network interface addresses that this mail system receives
+<p> The local network interface addresses that this mail system receives
 mail on. Specify "all" to receive mail on all network
 interfaces (default), and "loopback-only" to receive mail
 on loopback network interfaces only (Postfix version 2.2 and later).  The
@@ -3386,7 +3386,7 @@ propagate_unmatched_extensions = canonical, virtual
 %PARAM proxy_interfaces 
 
 <p>
-The network interface addresses that this mail system receives mail
+The remote network interface addresses that this mail system receives mail
 on by way of a proxy or network address translation unit.
 </p>
 
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index e1d426aca..49f073faa 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20220527"
+#define MAIL_RELEASE_DATE	"20220724"
 #define MAIL_VERSION_NUMBER	"3.8"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/global/map_search.c b/postfix/src/global/map_search.c
index 8ba6a5a98..be4b42b33 100644
--- a/postfix/src/global/map_search.c
+++ b/postfix/src/global/map_search.c
@@ -188,7 +188,6 @@ const MAP_SEARCH *map_search_create(const char *map_spec)
 		    MAP_SEARCH_CREATE_RETURN(0);
 		}
 	    }
-	    msg_info("split_nameval(\"%s\"", attr_name_val);
 	    if ((const_err = split_nameval(attr_name_val, &attr_name,
 					   &attr_value)) != 0) {
 		msg_warn("malformed map attribute in '%s': '%s'",
diff --git a/postfix/src/global/map_search.ref b/postfix/src/global/map_search.ref
index bf8184b3e..f072f253e 100644
--- a/postfix/src/global/map_search.ref
+++ b/postfix/src/global/map_search.ref
@@ -9,21 +9,13 @@ unknown: test case 4: '{type}'
 unknown: warning: malformed map specification: '{type}'
 unknown: warning: expected maptype:mapname instead of 'type'
 unknown: test case 5: '{type:name foo}'
-unknown: split_nameval("foo"
 unknown: warning: malformed map attribute in '{type:name foo}': 'missing '=' after attribute name'
 unknown: test case 6: '{type:name foo=bar}'
-unknown: split_nameval("foo=bar"
 unknown: warning: unknown map attribute in '{type:name foo=bar}': 'foo'
 unknown: test case 7: '{type:name search_order=}'
-unknown: split_nameval("search_order="
 unknown: test case 8: '{type:name search_order=one, two}'
-unknown: split_nameval("search_order=one"
-unknown: split_nameval("two"
 unknown: warning: malformed map attribute in '{type:name search_order=one, two}': 'missing '=' after attribute name'
 unknown: test case 9: '{type:name {search_order=one, two}}'
-unknown: split_nameval("search_order=one, two"
 unknown: test case 10: '{type:name {search_order=one, two, bad}}'
-unknown: split_nameval("search_order=one, two, bad"
 unknown: warning: unknown search type 'bad' in '{type:name {search_order=one, two, bad}}'
 unknown: test case 11: '{inline:{a=b} {search_order=one, two}}'
-unknown: split_nameval("search_order=one, two"
diff --git a/postfix/src/posttls-finger/posttls-finger.c b/postfix/src/posttls-finger/posttls-finger.c
index 8b34444e9..cdb0b4f9e 100644
--- a/postfix/src/posttls-finger/posttls-finger.c
+++ b/postfix/src/posttls-finger/posttls-finger.c
@@ -334,6 +334,7 @@
 #include <stdarg.h>
 #include <string.h>
 #include <ctype.h>
+#include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
 #include <signal.h>
diff --git a/postfix/src/tls/tls_server.c b/postfix/src/tls/tls_server.c
index 9cfa34a80..4574e0058 100644
--- a/postfix/src/tls/tls_server.c
+++ b/postfix/src/tls/tls_server.c
@@ -751,6 +751,7 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props)
 				       sizeof(server_session_id_context));
 	SSL_CTX_set_session_cache_mode(server_ctx,
 				       SSL_SESS_CACHE_SERVER |
+				       SSL_SESS_CACHE_NO_INTERNAL |
 				       SSL_SESS_CACHE_NO_AUTO_CLEAR);
 	if (cachable) {
 	    app_ctx->cache_type = mystrdup(props->cache_type);
