postfix-3.11-20250304

diff --git a/postfix/HISTORY b/postfix/HISTORY
index 2cae52077c73d6c1633da5000d3b42b45c3f649a..955c282adb290d50542572e6f9d5fdaab618f956 100644 (file)
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -29002,3 +29002,16 @@ Apologies for any names omitted.
        default smtp_tls_dane_insecure_mx_policy setting resulted in
        unnecessary 'dnssec_probe' warnings, on systems that disable
        DNSSEC lookups (the default). File: smtp/smtp_addr.c.
+
+20250227
+
+       Improve and correct warning messages when converting (host
+       or service) information to (symbolic text, numerical text,
+       or binary) form. File: util/myaddrinfo.c.
+
+20250304
+
+       Bugfix (defect introduced: Postfix 2.3, date 20051222): the
+       Dovecot auth client did not attempt to create a new connection
+       after an I/O error on an existing connection. Reported by
+       Oleksandr Kozmenko. File: xsasl/xsasl_dovecot_server.c.

diff --git a/postfix/proto/stop.spell-history b/postfix/proto/stop.spell-history
index 21e6c9967b95fc8a7e311c52242c2499b47e4c0b..1b85ee76800d4ca8160ccf1dd088dc8aac686ea4 100644 (file)
--- a/postfix/proto/stop.spell-history
+++ b/postfix/proto/stop.spell-history
@@ -102,3 +102,5 @@ Schulze
 tlspol
 Gueven
 Oemer
+Kozmenko
+Oleksandr

diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index f1ebb226f86f1f1f630081c83cbfd0a456833f0c..5996ab3309644db188b0fbb465b8605d6084c7ff 100644 (file)
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE      "20250223"
+#define MAIL_RELEASE_DATE      "20250304"
 #define MAIL_VERSION_NUMBER    "3.11"
 
 #ifdef SNAPSHOT

diff --git a/postfix/src/smtpd/smtpd_peer.c b/postfix/src/smtpd/smtpd_peer.c
index 838af9cb9f8697d5ec30dc074eb741667cb52cbe..468732d30f9d9cb44e9e6ff600a9a00d610dbcdc 100644 (file)
--- a/postfix/src/smtpd/smtpd_peer.c
+++ b/postfix/src/smtpd/smtpd_peer.c
@@ -217,8 +217,13 @@ static int smtpd_peer_sockaddr_to_hostaddr(SMTPD_STATE *state)
         */
        if ((aierr = sockaddr_to_hostaddr(sa, sa_length, &client_addr,
                                          &client_port, 0)) != 0)
-           msg_fatal("%s: cannot convert client address/port to string: %s",
-                     myname, MAI_STRERROR(aierr));
+           msg_fatal("%s: cannot convert client sockaddr type %s length %ld "
+                     "to string: %s", myname,
+#ifdef AF_INET6
+                     sa->sa_family == AF_INET6 ? "AF_INET6" :
+#endif
+                     sa->sa_family == AF_INET ? "AF_INET" : "other",
+                     (long) sa_length, MAI_STRERROR(aierr));
        state->port = mystrdup(client_port.buf);
 
        /*
@@ -299,9 +304,15 @@ static int smtpd_peer_sockaddr_to_hostaddr(SMTPD_STATE *state)
                                          state->dest_sockaddr_len,
                                          &server_addr,
                                          &server_port, 0)) != 0)
-           msg_fatal("%s: cannot convert server address/port to string: %s",
-                     myname, MAI_STRERROR(aierr));
-       /* TODO: convert IPv4-in-IPv6 to IPv4 form. */
+           /* TODO: convert IPv4-in-IPv6 to IPv4 form. */
+           msg_fatal("%s: cannot convert server sockaddr type %s length %ld "
+                   "to string: %s", myname,
+#ifdef AF_INET6
+                  state->dest_sockaddr.ss_family == AF_INET6 ? "AF_INET6" :
+#endif
+                     state->dest_sockaddr.ss_family == AF_INET ? "AF_INET" :
+                     "other", (long) state->dest_sockaddr_len,
+                     MAI_STRERROR(aierr));
        state->dest_addr = mystrdup(server_addr.buf);
        state->dest_port = mystrdup(server_port.buf);
 
@@ -409,8 +420,8 @@ static void smtpd_peer_hostaddr_to_sockaddr(SMTPD_STATE *state)
 
     if ((aierr = hostaddr_to_sockaddr(state->addr, state->port,
                                      SOCK_STREAM, &res)) != 0)
-       msg_fatal("%s: cannot convert client address/port to string: %s",
-                 myname, MAI_STRERROR(aierr));
+       msg_fatal("%s: cannot convert client address '%s' port '%s' to binary: %s",
+                 myname, state->addr, state->port, MAI_STRERROR(aierr));
     if (res->ai_addrlen > sizeof(state->sockaddr))
        msg_panic("%s: address length > struct sockaddr_storage", myname);
     memcpy((void *) &(state->sockaddr), res->ai_addr, res->ai_addrlen);

diff --git a/postfix/src/xsasl/xsasl_dovecot_server.c b/postfix/src/xsasl/xsasl_dovecot_server.c
index 71fe09a528978ba2fac210370cdd3a6e23e0eec6..e9c16466c1df2d252f5772995bec39e5dfefa99b 100644 (file)
--- a/postfix/src/xsasl/xsasl_dovecot_server.c
+++ b/postfix/src/xsasl/xsasl_dovecot_server.c
@@ -617,6 +617,7 @@ static int xsasl_dovecot_handle_reply(XSASL_DOVECOT_SERVER *server,
     }
 
     vstring_strcpy(reply, "Connection lost to authentication server");
+    xsasl_dovecot_server_disconnect(server->impl);
     return XSASL_AUTH_TEMP;
 }
 
@@ -707,6 +708,7 @@ int     xsasl_dovecot_server_first(XSASL_SERVER *xp, const char *sasl_method,
 
        if (i == 1) {
            vstring_strcpy(reply, "Can't connect to authentication server");
+           xsasl_dovecot_server_disconnect(server->impl);
            return XSASL_AUTH_TEMP;
        }
 
@@ -735,6 +737,7 @@ static int xsasl_dovecot_server_next(XSASL_SERVER *xp, const char *request,
                    "CONT\t%u\t%s\n", server->last_request_id, request);
     if (vstream_fflush(server->impl->sasl_stream) == VSTREAM_EOF) {
        vstring_strcpy(reply, "Connection lost to authentication server");
+       xsasl_dovecot_server_disconnect(server->impl);
        return XSASL_AUTH_TEMP;
     }
     return xsasl_dovecot_handle_reply(server, reply);