for the "virtual:" transport to "/etc/postfix/virtual:".
Symptom reported by Christoph Anton Mitterer.
-20200102
+20100102
Workaround: don't report bogus Berkeley DB close errors as
fatal errors. All operations before close are already error
expression of the form ``("text1" "text2") + constant'' so
we don't try to be so clever. Fix by Victor Duchovni. File:
global/mail_params.h.
+
+20110411
+
+ Cleanup: postscreen(8) and verify(8) daemons now lock their
+ respective cache file exclusively upon open, to avoid massive
+ cache corruption by unsupported sharing. Files: util/dict.h,
+ util/dict_open.c, verify/verify.c, postscreen/postscreen.c.
+
+20110414
+
+ Bugfix (introduced with Postfix SASL patch 20000314): don't
+ reuse a server SASL handle after authentication failure.
+ Problem reported by Thomas Jarosch of Intra2net AG. File:
+ smtpd/smtpd_proto.c.
With Postfix version 2.8 and later, the <b>-e</b> is no
longer needed.
- <b>-h</b> Show parameter values only, not the "<i>name = " label</i>
- <i>that normally precedes the value.</i>
+ <b>-h</b> Show parameter values only, not the "<i>name =</i> " label
+ that normally precedes the value.
<b>-l</b> List the names of all supported mailbox locking
methods. Postfix supports the following methods:
With Postfix version 2.8 and later, the \fB-e\fR is no
longer needed.
.IP \fB-h\fR
-Show parameter values only, not the "\fIname = " label
+Show parameter values only, not the "\fIname = \fR" label
that normally precedes the value.
.IP \fB-l\fR
List the names of all supported mailbox locking methods.
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20110321"
-#define MAIL_VERSION_NUMBER "2.8.2"
+#define MAIL_RELEASE_DATE "20110509"
+#define MAIL_VERSION_NUMBER "2.8.3"
#ifdef SNAPSHOT
# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
/* With Postfix version 2.8 and later, the \fB-e\fR is no
/* longer needed.
/* .IP \fB-h\fR
-/* Show parameter values only, not the "\fIname = " label
+/* Show parameter values only, not the "\fIname = \fR" label
/* that normally precedes the value.
/* .IP \fB-l\fR
/* List the names of all supported mailbox locking methods.
*
* Start the cache maintenance pseudo thread after dropping privileges.
*/
-#define PSC_DICT_OPEN_FLAGS (DICT_FLAG_DUP_REPLACE | DICT_FLAG_SYNC_UPDATE)
+#define PSC_DICT_OPEN_FLAGS (DICT_FLAG_DUP_REPLACE | DICT_FLAG_SYNC_UPDATE | \
+ DICT_FLAG_OPEN_LOCK)
if (*var_psc_cache_map)
psc_cache_map =
return (-1);
}
+ /* Don't reuse the SASL handle after authentication failure. */
+#ifndef SMTPD_FLAG_AUTH_USED
+#define SMTPD_FLAG_AUTH_USED (1<<15)
+#endif
+#ifndef XSASL_TYPE_CYRUS
+#define XSASL_TYPE_CYRUS "cyrus"
+#endif
+ if (state->flags & SMTPD_FLAG_AUTH_USED) {
+ smtpd_sasl_deactivate(state);
+#ifdef USE_TLS
+ if (state->tls_context != 0)
+ smtpd_sasl_activate(state, VAR_SMTPD_SASL_TLS_OPTS,
+ var_smtpd_sasl_tls_opts);
+ else
+#endif
+ smtpd_sasl_activate(state, VAR_SMTPD_SASL_OPTS,
+ var_smtpd_sasl_opts);
+ } else if (strcmp(var_smtpd_sasl_type, XSASL_TYPE_CYRUS) == 0) {
+ state->flags |= SMTPD_FLAG_AUTH_USED;
+ }
+
/*
* All authentication failures shall be logged. The 5xx reply code from
* the SASL authentication routine triggers tar-pit delays, which help to
dict_open.o: dict_unix.h
dict_open.o: htable.h
dict_open.o: msg.h
+dict_open.o: myflock.h
dict_open.o: mymalloc.h
dict_open.o: split_at.h
dict_open.o: stringops.h
mask_addr.o: sys_defs.h
match_list.o: argv.h
match_list.o: dict.h
-match_list.o: htable.h
match_list.o: match_list.c
match_list.o: match_list.h
match_list.o: match_ops.h
match_ops.o: argv.h
match_ops.o: cidr_match.h
match_ops.o: dict.h
-match_ops.o: htable.h
-match_ops.o: match_list.h
match_ops.o: match_ops.c
match_ops.o: match_ops.h
match_ops.o: msg.h
vstring_vstream.o: vstring.h
vstring_vstream.o: vstring_vstream.c
vstring_vstream.o: vstring_vstream.h
+watchdog.o: events.h
+watchdog.o: iostuff.h
watchdog.o: killme_after.h
watchdog.o: msg.h
watchdog.o: mymalloc.h
#define DICT_FLAG_FOLD_FIX (1<<14) /* case-fold key with fixed-case map */
#define DICT_FLAG_FOLD_MUL (1<<15) /* case-fold key with multi-case map */
#define DICT_FLAG_FOLD_ANY (DICT_FLAG_FOLD_FIX | DICT_FLAG_FOLD_MUL)
+#define DICT_FLAG_OPEN_LOCK (1<<16) /* open file with exclusive lock */
/* IMPORTANT: Update the dict_mask[] table when the above changes */
/* .IP DICT_FLAG_LOCK
/* With maps where this is appropriate, acquire an exclusive lock
/* before writing, and acquire a shared lock before reading.
+/* .IP DICT_FLAG_OPEN_LOCK
+/* With maps where this is appropriate, acquire an exclusive
+/* lock upon open, and report a fatal run-time error if the
+/* table is already locked.
/* .IP DICT_FLAG_FOLD_FIX
/* With databases whose lookup fields are fixed-case strings,
/* fold the search key to lower case before accessing the
#include <stringops.h>
#include <split_at.h>
#include <htable.h>
+#include <myflock.h>
/*
* lookup table for available map types.
msg_fatal("opening %s:%s %m", dict_type, dict_name);
if (msg_verbose)
msg_info("%s: %s:%s", myname, dict_type, dict_name);
+ /* XXX the choice between wait-for-lock or no-wait is hard-coded. */
+ if (dict->lock_fd >= 0 && (dict_flags & DICT_FLAG_OPEN_LOCK) != 0) {
+ if (dict_flags & DICT_FLAG_LOCK)
+ msg_panic("%s: attempt to open %s:%s with both \"open\" lock and \"access\" lock",
+ myname, dict_type, dict_name);
+ if (myflock(dict->lock_fd, INTERNAL_LOCK,
+ MYFLOCK_OP_EXCLUSIVE | MYFLOCK_OP_NOWAIT) < 0)
+ msg_fatal("%s:%s: unable to get exclusive lock: %m",
+ dict_type, dict_name);
+ }
return (dict);
}
*
* Start the cache cleanup thread after permanently dropping privileges.
*/
-#define VERIFY_DICT_OPEN_FLAGS (DICT_FLAG_DUP_REPLACE | DICT_FLAG_SYNC_UPDATE)
+#define VERIFY_DICT_OPEN_FLAGS (DICT_FLAG_DUP_REPLACE | DICT_FLAG_SYNC_UPDATE \
+ | DICT_FLAG_OPEN_LOCK)
saved_mask = umask(022);
verify_map =
projects / thirdparty / postfix.git / commitdiff
