20231006
- Cleanup: attempt to log the SASL username after authentication
- failure. This appends ", sasl_username=xxx" to SASL authentication
- failure logging. Based on code by Jozsef Kadlecsik. Files:
- xsasl/xsasl_server.c, xsasl/xsasl_cyrus_server.c,
- smtpd/smtpd_sasl_glue.c.
+ Usability: the Postfix SMTP server now attempts to log the
+ SASL username after authentication failure. In Postfix
+ logging, this appends ", sasl_username=xxx" after the reason
+ for SASL authentication failure. The logging replaces an
+ unavailable reason with "(reason unavailable)", and replaces
+ an unavailable sasl_username with "(unavailable)". Based
+ on code by Jozsef Kadlecsik. Files: xsasl/xsasl_server.c,
+ xsasl/xsasl_cyrus_server.c, smtpd/smtpd_sasl_glue.c.
20231008
Cleanup: explicit %.100s limits for client-controlled strings
in SASL error logging. File: smtpd/smtpd_sasl_glue.c.
+
+20231102
+
+ Bugfix (defect introduced: Postfix 2.3, date 20051222): the
+ Dovecot auth client did not reset the 'reason' from a
+ previous Dovecot auth service response, before parsing the
+ next Dovecot auth server response. Reported by Stephan
+ Bosch, File: xsasl/xsasl_dovecot_server.c.
+
+20231105
+
+ Cleanup: Postfix SMTP server response with an empty
+ authentication failure reason. File: smtpd/smtpd_sasl_glue.c.
+
+ Cleanup: proxymap error message when the service name is
+ not "proxymap" or "proxywrite". File: proxymap/proxymap.c.
+
+20231109
+
+ Portability: MariaDB emulates MySQL >= 5.7.6, but does not
+ implement mysql_real_escape_string_quote(). Fix by Levente
+ Birta. File: global/dict_mysql.c.
+
+ Portability: more precise MYSQL_VERSION_ID check. File:
+ global/dict_mysql.c.
+
+20231112
+
+ Robustness: don't loop on an 'unfinished' queue file that
+ still has its all-zero SIZE record. File: postcat/postcat.c.
postfix-install should mention makedefs.out.
- In valid_utf8_string.c, add tests for over-long encodings
- and surrogates. Can we add tests for 4-byte encodings with
- strings that are displayable?
+ Propagate information about parsed daemon command-line
+ options to service callback functions. With this, a proxywrite
+ server can enforce a process limit of 1 without duplicating
+ libmaster's command-line parsing code.
Add a pre-release check for '.' instead of ','. Generalize
from grep '[a-zA-Z0-9]\. *[a-z]' proto/*|egrep -v
figuration files.
<b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
- The list of environment parameters that a privileged Postfix
+ The list of environment variables that a privileged Postfix
process will import from a non-Postfix parent process, or
name=value environment overrides.
<dd>The address extension delimiter that was found in the recipient
address (Postfix 2.11 and later), or the 'first' delimiter specified
with the system-wide recipient address extension delimiter (Postfix
-3.5.22, 3.5.12, 3.7.8, 3.8.3 and later), or the system-wide recipient
+3.5.22, 3.6.12, 3.7.8, 3.8.3 and later). Historically, this was
+always the system-wide recipient
address extension delimiter (Postfix 2.10 and earlier). </dd>
<dt><b>${name?value}</b></dt>
The default location of the Postfix main.cf and master.cf
configuration files.
.IP "\fBimport_environment (see 'postconf -d' output)\fR"
-The list of environment parameters that a privileged Postfix
+The list of environment variables that a privileged Postfix
process will import from a non\-Postfix parent process, or name=value
environment overrides.
.IP "\fBqueue_directory (see 'postconf -d' output)\fR"
The address extension delimiter that was found in the recipient
address (Postfix 2.11 and later), or the 'first' delimiter specified
with the system\-wide recipient address extension delimiter (Postfix
-3.5.22, 3.5.12, 3.7.8, 3.8.3 and later), or the system\-wide recipient
+3.5.22, 3.6.12, 3.7.8, 3.8.3 and later). Historically, this was
+always the system\-wide recipient
address extension delimiter (Postfix 2.10 and earlier).
.br
.IP "\fB${name?value}\fR"
<dd>The address extension delimiter that was found in the recipient
address (Postfix 2.11 and later), or the 'first' delimiter specified
with the system-wide recipient address extension delimiter (Postfix
-3.5.22, 3.5.12, 3.7.8, 3.8.3 and later), or the system-wide recipient
+3.5.22, 3.6.12, 3.7.8, 3.8.3 and later). Historically, this was
+always the system-wide recipient
address extension delimiter (Postfix 2.10 and earlier). </dd>
<dt><b>${name?value}</b></dt>
if (dict_mysql->active_host == 0)
msg_panic("dict_mysql_quote: no active host");
-#if defined(MYSQL_VERSION_ID) && MYSQL_VERSION_ID >= 50700
+#if MYSQL_VERSION_ID >= 50706 && !defined(MARIADB_VERSION_ID)
mysql_real_escape_string_quote(dict_mysql->active_host->db,
vstring_end(result), name, len, '\'');
#else
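Review bot: The new `#if MYSQL_VERSION_ID >= 50706 && !defined(MARIADB_VERSION_ID)` line has no comment explaining why MariaDB is excluded or why the threshold is 50706, and it no longer tests `defined(MYSQL_VERSION_ID)`. A comment above it would record the reason, for example `/* mysql_real_escape_string_quote() appeared in MySQL 5.7.6; MariaDB reports a compatible version but does not implement it. */`. Builds that take the `#else` branch depend on the escaping call that follows it, which is outside this hunk. It is worth confirming that this fallback still quotes lookup keys correctly when the server runs with the NO_BACKSLASH_ESCAPES SQL mode. If the project is ever built with `-Wundef`, restoring `defined(MYSQL_VERSION_ID) &&` keeps the test warning-free.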
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20231030"
+#define MAIL_RELEASE_DATE "20231112"
#define MAIL_VERSION_NUMBER "3.9"
#ifdef SNAPSHOT
/* The default location of the Postfix main.cf and master.cf
/* configuration files.
/* .IP "\fBimport_environment (see 'postconf -d' output)\fR"
-/* The list of environment parameters that a privileged Postfix
+/* The list of environment variables that a privileged Postfix
/* process will import from a non-Postfix parent process, or name=value
/* environment overrides.
/* .IP "\fBqueue_directory (see 'postconf -d' output)\fR"
break;
/* Optimization: skip to extracted segment marker. */
if (do_print == 0 && (flags & PC_FLAG_PRINT_ENV)
- && data_offset >= 0 && data_size >= 0
+ && data_offset > 0 && data_size >= 0
&& vstream_fseek(fp, data_offset + data_size, SEEK_SET) < 0)
msg_fatal("seek error: %m");
}
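Review bot: The changed guard `data_offset > 0 && data_size >= 0` excludes only the all-zero SIZE record, so any other pair whose sum lands at or before the position already read would still let `vstream_fseek()` move backwards. The same condition is repeated in the second skip just below, before "Update the state machine". If `offset` (the value passed to PRINT_MARKER) is the current record position, adding `&& data_offset + data_size > offset` would make both skips forward-only for truncated or damaged queue files; that assumption needs checking against the surrounding loop, which is outside these hunks. The types of `data_offset` and `data_size` are not visible here, so the sum should also be confirmed not to overflow. A comment such as `/* data_offset == 0: the SIZE record was never finalized. */` would record why zero is rejected.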
PRINT_MARKER(flags, fp, offset, rec_type, "MESSAGE CONTENTS");
/* Optimization: skip to extracted segment marker. */
if ((flags & PC_MASK_PRINT_TEXT) == 0
- && data_offset >= 0 && data_size >= 0
+ && data_offset > 0 && data_size >= 0
&& vstream_fseek(fp, data_offset + data_size, SEEK_SET) < 0)
msg_fatal("seek error: %m");
/* Update the state machine, even when skipping. */
proxy_writer = 1;
else if (strcmp(service_name, MAIL_SERVICE_PROXYMAP) != 0)
msg_fatal("service name must be one of %s or %s",
- MAIL_SERVICE_PROXYMAP, MAIL_SERVICE_PROXYMAP);
+ MAIL_SERVICE_PROXYWRITE, MAIL_SERVICE_PROXYMAP);
/*
* Pre-allocate buffers.
}
}
if (status != XSASL_AUTH_DONE) {
+ const char *reason = (*STR(state->sasl_reply) ? STR(state->sasl_reply) :
+ "(reason unavailable)");
+
sasl_username = xsasl_server_get_username(state->sasl_server);
msg_warn("%s: SASL %.100s authentication failed: %s, sasl_username=%.100s",
- state->namaddr, sasl_method, *STR(state->sasl_reply) ?
- STR(state->sasl_reply) : "(reason unavailable)",
+ state->namaddr, sasl_method, reason,
sasl_username ? sasl_username : "(unavailable)");
/* RFC 4954 Section 6. */
if (status == XSASL_AUTH_TEMP)
smtpd_chat_reply(state, "454 4.7.0 Temporary authentication failure: %s",
- STR(state->sasl_reply));
+ reason);
else
smtpd_chat_reply(state, "535 5.7.8 Error: authentication failed: %s",
- STR(state->sasl_reply));
+ reason);
return (-1);
}
/* RFC 4954 Section 6. */
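Review bot: `reason` is formatted with a bare `%s` in `msg_warn()` and in both `smtpd_chat_reply()` calls, while `sasl_method` and `sasl_username` on the same log line are capped with `%.100s`. The text in `state->sasl_reply` appears to come from the SASL backend rather than directly from the client, so the missing limit may be deliberate. A comment saying so, or a matching `%.100s`, would make that trust assumption explicit. The 454 and 535 replies now also send the literal "(reason unavailable)" to the remote client; a comment on the declaration such as `/* Never send an empty reason in the 454/535 reply. */` would document the intent. The enclosing function starts and ends outside this hunk.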
myfree(server->username);
server->username = 0;
}
+ VSTRING_RESET(reply);
+ VSTRING_TERMINATE(reply);
/*
* Note: TAB is part of the Dovecot protocol and must not appear in