From: Wietse Z Venema Date: Tue, 23 Dec 2025 05:00:00 +0000 (-0500) Subject: postfix-3.12-20251223 X-Git-Tag: v3.11.0-RC1~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=94da189bdec0c3b67fc294ab0bae676fdd4e2989;p=thirdparty%2Fpostfix.git postfix-3.12-20251223 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index f6578bba8..925ee13ad 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -30268,3 +30268,14 @@ Apologies for any names omitted. TLS status logging in postconf(5). Opened the postfix-3.12-yyyymmdd development series. + +20251223 + + Converted tests to support the C23 built-in bool type, and + fixed a few portability problems. Some tests in (util, dns, + smtpd) still need to be made hermetic. Files: + cleanup/cleanup_message_test.c, smtp/smtp_tls_policy_test.c, + smtpd/smtpd_check.c, util/Makefile.in, util/ossl_digest_test.c, + util/unescape.ref. + + Documentation: minor edits of Postfix 3.11.0 RELEASE_NOTES. diff --git a/postfix/RELEASE_NOTES-3.11 b/postfix/RELEASE_NOTES-3.11 index 2af5f4277..e661ece6a 100644 --- a/postfix/RELEASE_NOTES-3.11 +++ b/postfix/RELEASE_NOTES-3.11 @@ -31,8 +31,8 @@ Major changes - database [Feature 20250321] Safety: the SQLite client now logs a warning when a query uses double quotes instead of the Postfix-recommended -single quotes. The non-recommended form is not protected against -SQL injection. +single quotes. Only the recommended form is protected against SQL +injection. [Feature 20250509] Support to run all memcache lookup keys through an OpenSSL digest function. This prevents a database access error @@ -117,11 +117,6 @@ This avoids a worst-case scenario where after a single Milter error, Postfix would tempfail all messages that the client sends over a long-lived connection, even if the Milter error was only temporary. -The bounce daemon now logs ": sender non-delivery -notification: " *before* the cleanup daemon logs -activity with , instead of after. This makes the -logging easier to analyze. - Major changes - mime support ---------------------------- @@ -138,8 +133,7 @@ line, or 3) reject: Log a "mime-error" and reject the message. Note that the 'empty line' separator is not used for DKIM signature -checks, so it does not matter that Postfix inserts one if it is -missing. +checks. Therefore, adding a missing separator does not break DKIM. Major changes - mta-sts ----------------------- @@ -238,9 +232,8 @@ This reuses logic that was introduced for REQUIRETLS. [Feature 20250824] When a message needs to be delivered with SMTPUTF8, but a remote server does not support it, the Postfix SMTP client -will try alternate servers instead of returning the message -immediately. This reuses on new code that was implemented for -REQUIRETLS, +may now try alternate servers instead of returning the message +immediately. This reuses code that was implemented for REQUIRETLS. Major changes - tls support --------------------------- @@ -266,7 +259,7 @@ and corresponding public-key certificate chain are configured. 3.5 and later, change the tls_eecdh_auto_curves default value to avoid problems with network infrastructure that mis-handles TLS hello messages larger than one (Ethernet) TCP segment. This problem -is mre generally known as "protocol ossification". +is more generally known as "protocol ossification". Major changes - tlsrpt ---------------------- diff --git a/postfix/proto/stop b/postfix/proto/stop index 36264d31d..55646792f 100644 --- a/postfix/proto/stop +++ b/postfix/proto/stop @@ -1704,3 +1704,6 @@ js posttls prepended sts +jF +jM +jP diff --git a/postfix/src/cleanup/cleanup_message_test.c b/postfix/src/cleanup/cleanup_message_test.c index bef2b9dc7..19d5266f4 100644 --- a/postfix/src/cleanup/cleanup_message_test.c +++ b/postfix/src/cleanup/cleanup_message_test.c @@ -52,19 +52,19 @@ /* * Stubs for configuration parameter dependencies. */ -int var_always_add_hdrs; -int var_auto_8bit_enc_hdr; +bool var_always_add_hdrs; +bool var_auto_8bit_enc_hdr; int var_body_check_len; -int var_cleanup_mask_stray_cr_lf; +bool var_cleanup_mask_stray_cr_lf; int var_dup_filter_limit; -int var_force_mime_iconv; +bool var_force_mime_iconv; char *var_full_name_encoding_charset; char *var_header_checks; int var_hopcount_limit; char *var_mimehdr_checks; char *var_nesthdr_checks; char *var_rcpt_witheld; -int var_reqtls_esmtp_hdr; +bool var_reqtls_esmtp_hdr; MAPS *cleanup_comm_canon_maps; MAPS *cleanup_send_canon_maps; diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 50d92529b..9812e06cf 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20251222" +#define MAIL_RELEASE_DATE "20251223" #define MAIL_VERSION_NUMBER "3.12" #ifdef SNAPSHOT diff --git a/postfix/src/smtp/smtp_tls_policy_test.c b/postfix/src/smtp/smtp_tls_policy_test.c index 59284f948..f229e53b2 100644 --- a/postfix/src/smtp/smtp_tls_policy_test.c +++ b/postfix/src/smtp/smtp_tls_policy_test.c @@ -70,7 +70,7 @@ char *var_smtp_tls_mand_excl; char *var_smtp_dns_res_opt; char *var_smtp_dns_support; char *var_smtp_tls_insecure_mx_policy; -int var_ign_mx_lookup_err; +bool var_ign_mx_lookup_err; bool var_smtp_enforce_tls; bool var_smtp_tls_enforce_peername; bool var_smtp_tls_force_tlsa; diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c index ae122e336..4525448a0 100644 --- a/postfix/src/smtpd/smtpd_check.c +++ b/postfix/src/smtpd/smtpd_check.c @@ -5821,8 +5821,6 @@ int var_map_defer_code; int var_reject_code; int var_defer_code; int var_non_fqdn_code; -int var_smtpd_delay_reject; -int var_allow_untrust_route; int var_mul_rcpt_code; int var_unv_from_rcode; int var_unv_from_dcode; @@ -5832,7 +5830,6 @@ int var_local_rcpt_code; int var_relay_rcpt_code; int var_virt_mailbox_code; int var_virt_alias_code; -int var_show_unk_rcpt_table; int var_verify_poll_count; int var_verify_poll_delay; int var_smtpd_policy_tmout; @@ -5841,16 +5838,10 @@ int var_smtpd_policy_ttl; int var_smtpd_policy_req_limit; int var_smtpd_policy_try_limit; int var_smtpd_policy_try_delay; -int var_smtpd_rej_unl_from; -int var_smtpd_rej_unl_rcpt; int var_plaintext_code; -bool var_smtpd_peername_lookup; -bool var_smtpd_client_port_log; char *var_smtpd_dns_re_filter; -bool var_smtpd_tls_ask_ccert; int var_smtpd_cipv4_prefix; int var_smtpd_cipv6_prefix; -bool var_smtpd_tls_enable_rpk; #define int_table test_int_table @@ -5867,8 +5858,6 @@ static const INT_TABLE int_table[] = { VAR_REJECT_CODE, DEF_REJECT_CODE, &var_reject_code, VAR_DEFER_CODE, DEF_DEFER_CODE, &var_defer_code, VAR_NON_FQDN_CODE, DEF_NON_FQDN_CODE, &var_non_fqdn_code, - VAR_SMTPD_DELAY_REJECT, DEF_SMTPD_DELAY_REJECT, &var_smtpd_delay_reject, - VAR_ALLOW_UNTRUST_ROUTE, DEF_ALLOW_UNTRUST_ROUTE, &var_allow_untrust_route, VAR_MUL_RCPT_CODE, DEF_MUL_RCPT_CODE, &var_mul_rcpt_code, VAR_UNV_FROM_RCODE, DEF_UNV_FROM_RCODE, &var_unv_from_rcode, VAR_UNV_FROM_DCODE, DEF_UNV_FROM_DCODE, &var_unv_from_dcode, @@ -5878,17 +5867,10 @@ static const INT_TABLE int_table[] = { VAR_RELAY_RCPT_CODE, DEF_RELAY_RCPT_CODE, &var_relay_rcpt_code, VAR_VIRT_ALIAS_CODE, DEF_VIRT_ALIAS_CODE, &var_virt_alias_code, VAR_VIRT_MAILBOX_CODE, DEF_VIRT_MAILBOX_CODE, &var_virt_mailbox_code, - VAR_SHOW_UNK_RCPT_TABLE, DEF_SHOW_UNK_RCPT_TABLE, &var_show_unk_rcpt_table, VAR_VERIFY_POLL_COUNT, 3, &var_verify_poll_count, - VAR_SMTPD_REJ_UNL_FROM, DEF_SMTPD_REJ_UNL_FROM, &var_smtpd_rej_unl_from, - VAR_SMTPD_REJ_UNL_RCPT, DEF_SMTPD_REJ_UNL_RCPT, &var_smtpd_rej_unl_rcpt, VAR_PLAINTEXT_CODE, DEF_PLAINTEXT_CODE, &var_plaintext_code, - VAR_SMTPD_PEERNAME_LOOKUP, DEF_SMTPD_PEERNAME_LOOKUP, &var_smtpd_peername_lookup, - VAR_SMTPD_CLIENT_PORT_LOG, DEF_SMTPD_CLIENT_PORT_LOG, &var_smtpd_client_port_log, - VAR_SMTPD_TLS_ACERT, DEF_SMTPD_TLS_ACERT, &var_smtpd_tls_ask_ccert, VAR_SMTPD_CIPV4_PREFIX, DEF_SMTPD_CIPV4_PREFIX, &var_smtpd_cipv4_prefix, VAR_SMTPD_CIPV6_PREFIX, DEF_SMTPD_CIPV6_PREFIX, &var_smtpd_cipv6_prefix, - VAR_SMTPD_TLS_ENABLE_RPK, DEF_SMTPD_TLS_ENABLE_RPK, &var_smtpd_tls_enable_rpk, 0, }; @@ -5922,7 +5904,64 @@ static int int_update(char **argv) /* * Boolean parameters. */ +typedef struct { + char *name; + int defval; + bool *target; +} BOOL_TABLE; + bool var_relay_before_rcpt_checks; +bool var_smtpd_delay_reject; +bool var_allow_untrust_route; +bool var_show_unk_rcpt_table; +bool var_smtpd_rej_unl_from; +bool var_smtpd_rej_unl_rcpt; +bool var_smtpd_peername_lookup; +bool var_smtpd_client_port_log; +bool var_smtpd_tls_ask_ccert; +bool var_smtpd_tls_enable_rpk; + +#define bool_table test_bool_table + +static const BOOL_TABLE bool_table[] = { + VAR_SMTPD_DELAY_REJECT, DEF_SMTPD_DELAY_REJECT, &var_smtpd_delay_reject, + VAR_ALLOW_UNTRUST_ROUTE, DEF_ALLOW_UNTRUST_ROUTE, &var_allow_untrust_route, + VAR_SHOW_UNK_RCPT_TABLE, DEF_SHOW_UNK_RCPT_TABLE, &var_show_unk_rcpt_table, + VAR_SMTPD_REJ_UNL_FROM, DEF_SMTPD_REJ_UNL_FROM, &var_smtpd_rej_unl_from, + VAR_SMTPD_REJ_UNL_RCPT, DEF_SMTPD_REJ_UNL_RCPT, &var_smtpd_rej_unl_rcpt, + VAR_SMTPD_PEERNAME_LOOKUP, DEF_SMTPD_PEERNAME_LOOKUP, &var_smtpd_peername_lookup, + VAR_SMTPD_CLIENT_PORT_LOG, DEF_SMTPD_CLIENT_PORT_LOG, &var_smtpd_client_port_log, + VAR_SMTPD_TLS_ACERT, DEF_SMTPD_TLS_ACERT, &var_smtpd_tls_ask_ccert, + VAR_SMTPD_TLS_ENABLE_RPK, DEF_SMTPD_TLS_ENABLE_RPK, &var_smtpd_tls_enable_rpk, + 0, +}; + +/* bool_init - initialize bool parameters */ + +static void bool_init(void) +{ + const BOOL_TABLE *sp; + + for (sp = bool_table; sp->name; sp++) + sp->target[0] = sp->defval; +} + +/* bool_update - update bool parameter */ + +static bool bool_update(char **argv) +{ + const BOOL_TABLE *ip; + + for (ip = bool_table; ip->name; ip++) { + if (strcasecmp(argv[0], ip->name) == 0) { + if (!ISDIGIT(*argv[1])) + msg_fatal("bad number: %s %s", ip->name, argv[1]); + ip->target[0] = atoi(argv[1]); + return (1); + } + } + return (0); +} /* * Restrictions. @@ -6130,6 +6169,7 @@ int main(int argc, char **argv) usage(argv[0]); string_init(); int_init(); + bool_init(); smtpd_check_init(); smtpd_expand_init(); (void) inet_proto_init(argv[0], INET_PROTO_NAME_IPV4); @@ -6385,6 +6425,7 @@ int main(int argc, char **argv) var_local_rwr_clients); } if (int_update(args->argv) + || bool_update(args->argv) || string_update(args->argv) || rest_update(args->argv)) { resp = 0; diff --git a/postfix/src/util/Makefile.in b/postfix/src/util/Makefile.in index 328eb77f4..292b473fd 100644 --- a/postfix/src/util/Makefile.in +++ b/postfix/src/util/Makefile.in @@ -686,7 +686,7 @@ mac_expand_test: mac_expand mac_expand.in mac_expand.ref rm -f mac_expand.tmp unescape_test: unescape unescape.in unescape.ref - $(SHLIB_ENV) ${VALGRIND} ./unescape unescape.tmp + $(SHLIB_ENV) ${VALGRIND} ./unescape unescape.tmp diff -b unescape.ref unescape.tmp # $(SHLIB_ENV) ${VALGRIND} ./unescape unescape.tmp # diff unescape.in unescape.tmp diff --git a/postfix/src/util/dict_debug_test.sh b/postfix/src/util/dict_debug_test.sh old mode 100644 new mode 100755 diff --git a/postfix/src/util/ossl_digest_test.c b/postfix/src/util/ossl_digest_test.c index 721e6bb92..2b2cae62a 100644 --- a/postfix/src/util/ossl_digest_test.c +++ b/postfix/src/util/ossl_digest_test.c @@ -73,7 +73,7 @@ static int reports_bad_digest_name(void) char *err_string; err_string = get_error_string(); - if (strstr(err_string, bad_digest_name) == 0) { + if (*err_string && strstr(err_string, bad_digest_name) == 0) { status = FAIL; msg_warn("want: '%s', got: '%s'", bad_digest_name, err_string); } diff --git a/postfix/src/util/unescape.ref b/postfix/src/util/unescape.ref index db16fa879..fb7936800 100644 --- a/postfix/src/util/unescape.ref +++ b/postfix/src/util/unescape.ref @@ -4,7 +4,7 @@ 161 015 163 011 165 013 167 170 171 172 012 001 002 003 004 005 0000040 006 \a 8 9 \n S 4 234 5 345 6 . 7 \n r c 006 007 070 071 012 123 064 234 065 345 066 056 067 012 162 143 -0000060 p t t o : < w i e t s e @ π ** +0000060 p t t o : < w i e t s e @ 317 200 160 164 040 164 157 072 074 167 151 145 164 163 145 100 317 200 0000100 . p o r c u p i n e . o r g > \n 056 160 157 162 143 165 160 151 156 145 056 157 162 147 076 012