From: Wietse Venema Date: Sat, 1 Oct 2016 05:00:00 +0000 (-0500) Subject: postfix-3.0.7 X-Git-Tag: v3.0.7^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5a66c6a373db0e4b9cfa103ee6a6e57b41ae0607;p=thirdparty%2Fpostfix.git postfix-3.0.7 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 220e0c5ac..f057cb585 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -21736,9 +21736,9 @@ Apologies for any names omitted. 20160204 - Documentation (introduced: Postfix 3.0): wrong paramester + Documentation (introduced: Postfix 3.0): wrong parameter name in lmtp_address_verify_target description. File: - proto/posconf.proto + proto/postconf.proto 20160310 @@ -21772,5 +21772,27 @@ Apologies for any names omitted. Bugfix (introduced: Postfix 3.0): the tls_session_ticket_cipher documentation says aes-256-cbc, but the implementation was - using aes-128-cbc (note that Postfix SMTP server and client - processes have a limited life time). + using aes-128-cbc (note that Postfix session ticket keys + are rotated after 1/2 hour, to limit the impact of attacks + on session ticket keys). + +20160911 + + Bugfix (introduced: Postfix 3.0): the SMTP daemon did not + reset a previous session's command counts before rejecting + a client that exceeds request or concurrency rates. File: + smtpd/smtpd.c. + +20160917 + + Bugfix (introduced: Postfix 3.0): the unionmap did not + propagate table lookup errors. Based on patch by Roel van + Meer. Files: util/dict_union.c, util/dict_union_test.*. + +20160925 + + Workaround (problem introduced: Postfix 2.11): to avoid + false "not found" errors with MySQL map queries that contain + UTF8-encoded text, specify "option_group = client" in Postfix + MySQL configuration files. This will be the default setting + with Postfix 3.2 and later. diff --git a/postfix/README_FILES/MYSQL_README b/postfix/README_FILES/MYSQL_README index 169705178..ccba2f7f3 100644 --- a/postfix/README_FILES/MYSQL_README +++ b/postfix/README_FILES/MYSQL_README @@ -94,8 +94,20 @@ where_field = alias # Don't forget the leading "AND"! additional_conditions = AND status = 'paid' +# This is necessary to make UTF8 queries work for Postfix 2.11 .. 3.1, +# and is the default setting as of Postfix 3.2, +option_group = client + AAddddiittiioonnaall nnootteess +Postfix 3.2 and later read [[cclliieenntt]] option group settings by default. To +disable this, specify no ooppttiioonn__ffiillee and specify "ooppttiioonn__ggrroouupp ==" (i.e. an +empty value). + +Postfix 3.1 and earlier don't read [[cclliieenntt]] option group settings unless a non- +empty ooppttiioonn__ffiillee or ooppttiioonn__ggrroouupp value are specified. To enable this, specify, +for example "ooppttiioonn__ggrroouupp == cclliieenntt". + The MySQL configuration interface setup allows for multiple mysql databases: you can use one for a virtual table, one for an access table, and one for an aliases table if you want. diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index 7ca3b68ff..ca60ca248 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -16,6 +16,14 @@ specifies the release date of a stable release or snapshot release. If you upgrade from Postfix 2.10 or earlier, read RELEASE_NOTES-2.11 before proceeding. +Workaround - UTF8 support in Postfix MySQL queries +-------------------------------------------------- + +Someone reported false "not found" errors with MySQL map queries +that contain UTF8-encoded text. To avoid such errors, specify +"option_group = client" in Postfix MySQL configuration files. This +will be the default setting with Postfix 3.2 and later. + Incompatible change with Postfix 3.0.2 -------------------------------------- diff --git a/postfix/html/MYSQL_README.html b/postfix/html/MYSQL_README.html index 5506f4820..6cdbce49c 100644 --- a/postfix/html/MYSQL_README.html +++ b/postfix/html/MYSQL_README.html @@ -130,10 +130,23 @@ table = mxaliases where_field = alias # Don't forget the leading "AND"! additional_conditions = AND status = 'paid' + +# This is necessary to make UTF8 queries work for Postfix 2.11 .. 3.1, +# and is the default setting as of Postfix 3.2, +option_group = client

Additional notes

+

Postfix 3.2 and later read [client] option group settings +by default. To disable this, specify no option_file and +specify "option_group =" (i.e. an empty value).

+ +

Postfix 3.1 and earlier don't read [client] option group +settings unless a non-empty option_file or option_group +value are specified. To enable this, specify, for example +"option_group = client".

+

The MySQL configuration interface setup allows for multiple mysql databases: you can use one for a virtual table, one for an access table, and one for an aliases table if you want.

diff --git a/postfix/html/mysql_table.5.html b/postfix/html/mysql_table.5.html index 1d889d246..ca15b1656 100644 --- a/postfix/html/mysql_table.5.html +++ b/postfix/html/mysql_table.5.html @@ -232,6 +232,11 @@ MYSQL_TABLE(5) MYSQL_TABLE(5) option_group Read options from the given group. + Postfix 3.1 and earlier don't read [client] option group set- + tings unless a non-empty option_file or option_group value are + specified. To enable this, specify, for example, "option_group = + client". + This parameter is available with Postfix 2.11 and later. tls_cert_file @@ -240,37 +245,37 @@ MYSQL_TABLE(5) MYSQL_TABLE(5) This parameter is available with Postfix 2.11 and later. tls_key_file - File containing the private key corresponding to tls_cert_file. + File containing the private key corresponding to tls_cert_file. This parameter is available with Postfix 2.11 and later. tls_CAfile - File containing certificates for all of the X509 Certification - Authorities the client will recognize. Takes precedence over + File containing certificates for all of the X509 Certification + Authorities the client will recognize. Takes precedence over tls_CApath. This parameter is available with Postfix 2.11 and later. tls_CApath - Directory containing X509 Certification Authority certificates + Directory containing X509 Certification Authority certificates in separate individual files. This parameter is available with Postfix 2.11 and later. tls_verify_cert (default: no) - Verify that the server's name matches the common name in the + Verify that the server's name matches the common name in the certificate. This parameter is available with Postfix 2.11 and later. OBSOLETE QUERY INTERFACE - This section describes an interface that is deprecated as of Postfix - 2.2. It is replaced by the more general query interface described - above. If the query parameter is defined, the legacy parameters - described here ignored. Please migrate to the new interface as the + This section describes an interface that is deprecated as of Postfix + 2.2. It is replaced by the more general query interface described + above. If the query parameter is defined, the legacy parameters + described here ignored. Please migrate to the new interface as the legacy interface may be removed in a future release. - The following parameters can be used to fill in a SELECT template + The following parameters can be used to fill in a SELECT template statement of the form: SELECT [select_field] @@ -279,7 +284,7 @@ MYSQL_TABLE(5) MYSQL_TABLE(5) [additional_conditions] The specifier %s is replaced by the search string, and is escaped so if - it contains single quotes or other odd characters, it will not cause a + it contains single quotes or other odd characters, it will not cause a parse error, or worse, a security problem. select_field diff --git a/postfix/man/man5/mysql_table.5 b/postfix/man/man5/mysql_table.5 index 744aad2f5..084f4ba0a 100644 --- a/postfix/man/man5/mysql_table.5 +++ b/postfix/man/man5/mysql_table.5 @@ -264,6 +264,11 @@ This parameter is available with Postfix 2.11 and later. .IP "\fBoption_group\fR" Read options from the given group. .sp +Postfix 3.1 and earlier don't read \fB[client]\fR option +group settings unless a non\-empty \fBoption_file\fR or +\fBoption_group\fR value are specified. To enable this, +specify, for example, "\fBoption_group = client\fR". +.sp This parameter is available with Postfix 2.11 and later. .IP "\fBtls_cert_file\fR" File containing client's X509 certificate. diff --git a/postfix/proto/MYSQL_README.html b/postfix/proto/MYSQL_README.html index b15ee6a6c..73e8b2da3 100644 --- a/postfix/proto/MYSQL_README.html +++ b/postfix/proto/MYSQL_README.html @@ -130,10 +130,23 @@ table = mxaliases where_field = alias # Don't forget the leading "AND"! additional_conditions = AND status = 'paid' + +# This is necessary to make UTF8 queries work for Postfix 2.11 .. 3.1, +# and is the default setting as of Postfix 3.2, +option_group = client

Additional notes

+

Postfix 3.2 and later read [client] option group settings +by default. To disable this, specify no option_file and +specify "option_group =" (i.e. an empty value).

+ +

Postfix 3.1 and earlier don't read [client] option group +settings unless a non-empty option_file or option_group +value are specified. To enable this, specify, for example +"option_group = client".

+

The MySQL configuration interface setup allows for multiple mysql databases: you can use one for a virtual table, one for an access table, and one for an aliases table if you want.

diff --git a/postfix/proto/mysql_table b/postfix/proto/mysql_table index 1c799c384..f5206c580 100644 --- a/postfix/proto/mysql_table +++ b/postfix/proto/mysql_table @@ -252,6 +252,11 @@ # .IP "\fBoption_group\fR" # Read options from the given group. # .sp +# Postfix 3.1 and earlier don't read \fB[client]\fR option +# group settings unless a non-empty \fBoption_file\fR or +# \fBoption_group\fR value are specified. To enable this, +# specify, for example, "\fBoption_group = client\fR". +# .sp # This parameter is available with Postfix 2.11 and later. # .IP "\fBtls_cert_file\fR" # File containing client's X509 certificate. diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index bfcaadf91..d1664d5e9 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20160828" -#define MAIL_VERSION_NUMBER "3.0.6" +#define MAIL_RELEASE_DATE "20161001" +#define MAIL_VERSION_NUMBER "3.0.7" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index 4fca242d6..b65ec648c 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -4789,6 +4789,15 @@ static void smtpd_proto(SMTPD_STATE *state) case 0: + /* + * Reset the per-command counters. + */ + for (cmdp = smtpd_cmd_table; /* see below */ ; cmdp++) { + cmdp->success_count = cmdp->total_count = 0; + if (cmdp->name == 0) + break; + } + /* * In TLS wrapper mode, turn on TLS using code that is shared with * the STARTTLS command. This code does not return when the handshake @@ -4960,15 +4969,6 @@ static void smtpd_proto(SMTPD_STATE *state) var_smtpd_sasl_opts); #endif - /* - * Reset the per-command counters. - */ - for (cmdp = smtpd_cmd_table; /* see below */ ; cmdp++) { - cmdp->success_count = cmdp->total_count = 0; - if (cmdp->name == 0) - break; - } - /* * The command read/execute loop. */ diff --git a/postfix/src/util/dict_union.c b/postfix/src/util/dict_union.c index a19e04809..c2c54bf88 100644 --- a/postfix/src/util/dict_union.c +++ b/postfix/src/util/dict_union.c @@ -81,11 +81,13 @@ static const char *dict_union_lookup(DICT *dict, const char *query) for (cpp = dict_union->map_union->argv; (dict_type_name = *cpp) != 0; cpp++) { if ((map = dict_handle(dict_type_name)) == 0) msg_panic("%s: dictionary \"%s\" not found", myname, dict_type_name); - if ((result = dict_get(map, query)) == 0) - continue; - if (VSTRING_LEN(dict_union->re_buf) > 0) - VSTRING_ADDCH(dict_union->re_buf, ','); - vstring_strcat(dict_union->re_buf, result); + if ((result = dict_get(map, query)) != 0) { + if (VSTRING_LEN(dict_union->re_buf) > 0) + VSTRING_ADDCH(dict_union->re_buf, ','); + vstring_strcat(dict_union->re_buf, result); + } else if (map->error != 0) { + DICT_ERR_VAL_RETURN(dict, map->error, 0); + } } DICT_ERR_VAL_RETURN(dict, DICT_ERR_NONE, VSTRING_LEN(dict_union->re_buf) > 0 ?