From fdc3eb41438e0962457b1a14b89d70e7fdc524f7 Mon Sep 17 00:00:00 2001 From: Wietse Venema Date: Mon, 9 Mar 2020 00:00:00 -0500 Subject: [PATCH] postfix-3.6-20200309 --- postfix/HISTORY | 5 +++ postfix/RELEASE_NOTES-3.5 | 52 +++++++++++++++---------------- postfix/src/global/mail_version.h | 2 +- postfix/src/smtpd/smtpd.c | 8 +++-- postfix/src/smtpd/smtpd.h | 1 + 5 files changed, 39 insertions(+), 29 deletions(-) diff --git a/postfix/HISTORY b/postfix/HISTORY index e7579aff1..de1c56283 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -24653,3 +24653,8 @@ Apologies for any names omitted. Cleanup: harmless memory leak in postconf. File: postconf/postconf_master.c. + + Bugfix (introduced: Postfix 2.3): panic with Postfix + multi-Milter configuration during MAIL FROM. Milter client + state was not properly reset after one of the Milters failed. + Reported by WeiYu Wu. diff --git a/postfix/RELEASE_NOTES-3.5 b/postfix/RELEASE_NOTES-3.5 index 471c8517d..001e2092e 100644 --- a/postfix/RELEASE_NOTES-3.5 +++ b/postfix/RELEASE_NOTES-3.5 @@ -25,14 +25,23 @@ more recent Eclipse Public License 2.0. Recipients can choose to take the software under the license of their choice. Those who are more comfortable with the IPL can continue with that license. -Major changes - IP address normalization ----------------------------------------- +Major changes - multiple relayhost in SMTP +------------------------------------------ -[Incompat 20190427] Postfix now normalizes IP addresses received -with XCLIENT, XFORWARD, or with the HaProxy protocol, for consistency -with direct connections to Postfix. This may change the appearance -of logging, and the way that check_client_access will match subnets -of an IPv6 address. +[Feature 20200111] SMTP (and LMTP) client support for a list of +nexthop destinations separated by comma or whitespace. These will +destinations be tried in the specified order. + +The list form can be specified in relayhost, transport_maps, +default_transport, and sender_dependent_default_transport_maps. + +Examples: +/etc/postfix/main.cf: + relayhost = foo.example, bar.example + default_transport = smtp:foo.example, bar.example. + +NOTE: this is an SMTP and LMTP client feature. It does not work for +other Postfix delivery agents. Major changes - certificate access ---------------------------------- @@ -110,9 +119,9 @@ Major changes - haproxy2 protocol implementation supports TCP over IPv4 and IPv6, as well as non-proxied connections; the latter are typically used for heartbeat tests. -This feature introduces no additional Postfix configuration. -The Postfix smtpd(8) and postscreen(8) daemons accept both -protocol versions. +The haproxy v2 protocol introduces no additional Postfix configuration. +The Postfix smtpd(8) and postscreen(8) daemons accept both v1 and +v2 protocol versions. Major changes - logging ----------------------- @@ -140,20 +149,11 @@ The logging in external form is consistent with the address form that Postfix 3.2 and later prefer for table lookups. It is therefore the more useful form for non-debug logging. -Major changes - multiple relayhost in SMTP ------------------------------------------- - -[Feature 20200111] SMTP (and LMTP) client support for a list of -nexthop destinations separated by comma or whitespace. These will -destinations be tried in the specified order. - -The list form can be specified in relayhost, transport_maps, -default_transport, and sender_dependent_default_transport_maps. - -Examples: -/etc/postfix/main.cf: - relayhost = foo.example, bar.example - default_transport = smtp:foo.example, bar.example. +Major changes - IP address normalization +---------------------------------------- -NOTE: this is an SMTP client feature. It does not work for other -Postfix delivery agents. +[Incompat 20190427] Postfix now normalizes IP addresses received +with XCLIENT, XFORWARD, or with the HaProxy protocol, for consistency +with direct connections to Postfix. This may change the appearance +of logging, and the way that check_client_access will match subnets +of an IPv6 address. diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index bc5dbfb3e..aa75846ac 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20200308" +#define MAIL_RELEASE_DATE "20200309" #define MAIL_VERSION_NUMBER "3.6" #ifdef SNAPSHOT diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index f9b766049..2059bd5e2 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -2615,6 +2615,7 @@ static int mail_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv) } if (state->milters != 0 && (state->saved_flags & MILTER_SKIP_FLAGS) == 0) { + state->flags |= SMTPD_FLAG_NEED_MILTER_ABORT; PUSH_STRING(saved_sender, state->sender, STR(state->addr_buf)); err = milter_mail_event(state->milters, milter_argv(state, argc - 2, argv + 2)); @@ -2730,11 +2731,14 @@ static void mail_reset(SMTPD_STATE *state) state->queue_id = 0; } if (state->sender) { - if (state->milters != 0) - milter_abort(state->milters); myfree(state->sender); state->sender = 0; } + /* WeiYu Wu: need to undo milter_mail_event() state change. */ + if (state->flags & SMTPD_FLAG_NEED_MILTER_ABORT) { + milter_abort(state->milters); + state->flags &= ~SMTPD_FLAG_NEED_MILTER_ABORT; + } if (state->verp_delims) { myfree(state->verp_delims); state->verp_delims = 0; diff --git a/postfix/src/smtpd/smtpd.h b/postfix/src/smtpd/smtpd.h index ae194035c..490cda2fa 100644 --- a/postfix/src/smtpd/smtpd.h +++ b/postfix/src/smtpd/smtpd.h @@ -206,6 +206,7 @@ typedef struct { #define SMTPD_FLAG_ILL_PIPELINING (1<<1) /* inappropriate pipelining */ #define SMTPD_FLAG_AUTH_USED (1<<2) /* don't reuse SASL state */ #define SMTPD_FLAG_SMTPUTF8 (1<<3) /* RFC 6531/2 transaction */ +#define SMTPD_FLAG_NEED_MILTER_ABORT (1<<4) /* undo milter_mail_event() */ /* Security: don't reset SMTPD_FLAG_AUTH_USED. */ #define SMTPD_MASK_MAIL_KEEP \ -- 2.47.3