From: Wietse Z Venema Date: Wed, 24 Sep 2025 05:00:00 +0000 (-0500) Subject: postfix-3.11-20250924 X-Git-Tag: v3.11.0-RC1~24 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e66967d164143e028f8c851a0c636bc685af7907;p=thirdparty%2Fpostfix.git postfix-3.11-20250924 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index bdf2ebc23..1aafee60e 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -29633,7 +29633,10 @@ Apologies for any names omitted. the stock main.cf file. Problem diagnosed by Eray Aslan. File: conf/main.cf. -20250920 +20240924 - Added back a hunk of patch 20250911 that had somehow gone - missing. File: smtp/smtp.h. + TLSRPT Workaround: when policies[*].policy.policy-type is + "no-policy-found", report the TLSRPT policy domain name as + the policies[*].policy.policy-domain value. This ignores + that TLSA policies must be reported with different policy-domain + values than STS policies. File: tls/tlsrpt_wrapper.c. diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index a6b120a5f..18d00303c 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20250920" +#define MAIL_RELEASE_DATE "20250924" #define MAIL_VERSION_NUMBER "3.11" #ifdef SNAPSHOT diff --git a/postfix/src/tls/tlsrpt_wrapper.c b/postfix/src/tls/tlsrpt_wrapper.c index 99f6f0489..3feca68bf 100644 --- a/postfix/src/tls/tlsrpt_wrapper.c +++ b/postfix/src/tls/tlsrpt_wrapper.c @@ -161,7 +161,8 @@ /* policies[].policy.policy-string[]. Ignored if the tls_policy_type /* value is TLSRPT_NO_POLICY_FOUND. /* .IP tls_policy_domain (may be null) -/* policies[].policy.policy-domain. +/* policies[].policy.policy-domain. If null, this defaults to the +/* TLSRPT policy domain. /* .IP mx_host_patterns (may be null) /* policies[].policy.mx-host[]. Ignored if the tls_policy_type /* value is TLSRPT_NO_POLICY_FOUND. @@ -403,10 +404,12 @@ void trw_set_tls_policy(TLSRPT_WRAPPER *trw, PSTR_OR_NULL(mx_host_patterns)); trw->tls_policy_type = tls_policy_type; + if (tls_policy_domain == 0) + tls_policy_domain = trw->rpt_policy_domain; MYFREE_IF_SET_AND_COPY(trw->tls_policy_domain, tls_policy_domain); if (tls_policy_type == TLSRPT_NO_POLICY_FOUND) { ARGV_FREE_IF_SET_AND_CLEAR(trw->tls_policy_strings); - ARGV_FREE_IF_SET_AND_CLEAR(trw->tls_policy_strings); + ARGV_FREE_IF_SET_AND_CLEAR(trw->mx_host_patterns); } else { ARGV_FREE_IF_SET_AND_COPY(trw->tls_policy_strings, tls_policy_strings); ARGV_FREE_IF_SET_AND_COPY(trw->mx_host_patterns, mx_host_patterns);