Bugfix: the 20121010 fix for tls_misc.c was documented but
not included.
+
+20130403
+
+ Bugfix (introduced: Postfix 2.3): don't reuse TCP connections
+ when smtp_tls_policy_maps is specified. Victor Duchovni.
+ Found during Postfix 2.11 code maintenance. File:
+ smtp/smtp_reuse.c.
+
+20130423
+
+ Bugfix (introduced: Postfix 2.0): when myhostname is not
+ listed in mydestination, the trivial-rewrite resolver may
+ log "do not list <myhostname value> in both mydestination
+ and <name of non-mydestination domain list>". The fix is
+ to re-resolve a domain-less address after adding $myhostname
+ as the surrogate domain, so that it pops out with the right
+ address-class label. Problem reported by Quanah Gibson-Mount.
+ File: trivial-rewrite/resolve.c.
+
+20130425
+
+ Bugfix (introduced: Postfix 2.2): don't reuse TCP connections
+ when SASL authentication is enabled. SASL passwords may
+ depend on the remote SMTP server hostname, but the Postfix
+ <2.11 SMTP connection cache client does not distinguish
+ between different hostnames that resolve to the same IP
+ address. Found during Postfix 2.11 code maintenance. File:
+ smtp/smtp_connect.c.
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20130203"
-#define MAIL_VERSION_NUMBER "2.8.14"
+#define MAIL_RELEASE_DATE "20130622"
+#define MAIL_VERSION_NUMBER "2.8.15"
#ifdef SNAPSHOT
# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
state->misc_flags &= ~SMTP_MISC_FLAG_CONN_CACHE_MASK;
/*
- * XXX Disable connection caching when sender-dependent authentication is
+ * XXX Disable connection caching when SASL authentication is
* enabled. We must not send someone elses mail over an authenticated
* connection, and we must not send mail that requires authentication
* over a connection that wasn't authenticated.
*/
- if (var_smtp_sender_auth)
+ if (var_smtp_sasl_passwd && *var_smtp_sasl_passwd)
return;
if (smtp_cache_dest && string_list_match(smtp_cache_dest, dest)) {
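Review bot: The rewritten comment says caching is disabled "when SASL authentication is enabled", but the new condition on the `if` line tests whether `var_smtp_sasl_passwd` is non-empty, which is a proxy for that and errs on the safe side. The comment also omits the reason given in the changelog entry: passwords may depend on the server hostname, while the connection cache does not distinguish hostnames that resolve to the same IP address. I would word it as `/* Disable connection caching whenever a SASL password table is configured: credentials may depend on the server hostname, which the cache does not distinguish. */`. The early `return` after the mask is cleared is what leaves caching off. The enclosing function starts and ends outside the hunk.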
* credentials or the wrong TLS policy.
*/
if ((var_smtp_tls_per_site && *var_smtp_tls_per_site)
- || (var_smtp_sasl_passwd && *var_smtp_sasl_passwd))
+ || (var_smtp_tls_policy && *var_smtp_tls_policy))
return (0);
/*
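Review bot: With the `var_smtp_sasl_passwd` test removed from this condition, the lookup no longer guards itself against handing back a connection that was authenticated for a different hostname. It presumably relies on the caller having disabled caching altogether, as the smtp_connect.c hunk of this patch does. The visible tail of the comment still mentions wrong "credentials", which reads as stale next to a condition that now tests only TLS settings. I would either keep the SASL test as a third clause for defence in depth, `|| (var_smtp_sasl_passwd && *var_smtp_sasl_passwd)`, or add a comment line such as `* SASL: connection caching is disabled by the caller when a password table is set.`. The comment and the function begin outside the hunk, so the earlier wording could not be checked.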
tok822_free(tree->head);
tree->head = 0;
}
- /* XXX must be localpart only, not user@domain form. */
- if (tree->head == 0)
+ /* XXX Re-resolve the surrogate, in case already in user@domain form. */
+ if (tree->head == 0) {
tree->head = tok822_scan(var_empty_addr, &tree->tail);
+ continue;
+ }
+
+ /* XXX Re-resolve with @$myhostname for backwards compatibility. */
+ if (domain == 0 && saved_domain == 0) {
+ tok822_sub_append(tree, tok822_alloc('@', (char *) 0));
+ tok822_sub_append(tree, tok822_scan(var_myhostname, (TOK822 **) 0));
+ continue;
+ }
/*
* We're done. There are no domains left to strip off the address,
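Review bot: Both added `continue` statements send control back to the top of a loop whose header and exit test lie outside this hunk, so termination now depends on each re-resolve making progress. If `tok822_scan(var_empty_addr, &tree->tail)` ever yielded an empty token list, `tree->head` would still be 0 on the next pass and the first branch would repeat. The second branch relies on the appended `@` plus `var_myhostname` being recognised as a domain, so that `domain == 0 && saved_domain == 0` cannot hold twice. Both values appear to come from configuration, so I would state the assumption in the comment, e.g. `/* Terminates: the surrogate is non-empty, so tree->head != 0 on the next pass. */`, or confirm that the enclosing loop has an iteration bound.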