From: Wietse Venema <wietse@porcupine.org>
Date: Mon, 9 May 2011 05:00:00 +0000 (-0500)
Subject: postfix-2.8.3
X-Git-Tag: v2.8.3^0
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b592b94beab41097785897f3f683bbdb5d02124a;p=thirdparty%2Fpostfix.git

postfix-2.8.3
---

diff --git a/postfix/HISTORY b/postfix/HISTORY
index b49a74955..18dedf439 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -15616,7 +15616,7 @@ Apologies for any names omitted.
 	for the "virtual:" transport to "/etc/postfix/virtual:".
 	Symptom reported by Christoph Anton Mitterer.
 
-20200102
+20100102
 
 	Workaround: don't report bogus Berkeley DB close errors as
 	fatal errors. All operations before close are already error
@@ -16569,3 +16569,17 @@ Apologies for any names omitted.
 	expression of the form ``("text1" "text2") + constant'' so
 	we don't try to be so clever. Fix by Victor Duchovni.  File:
 	global/mail_params.h.
+
+20110411
+
+	Cleanup: postscreen(8) and verify(8) daemons now lock their
+	respective cache file exclusively upon open, to avoid massive
+	cache corruption by unsupported sharing. Files: util/dict.h,
+	util/dict_open.c, verify/verify.c, postscreen/postscreen.c.
+
+20110414
+
+	Bugfix (introduced with Postfix SASL patch 20000314): don't
+	reuse a server SASL handle after authentication failure.
+	Problem reported by Thomas Jarosch of Intra2net AG. File:
+	smtpd/smtpd_proto.c.
diff --git a/postfix/html/postconf.1.html b/postfix/html/postconf.1.html
index 614b7b0ab..8e06292c6 100644
--- a/postfix/html/postconf.1.html
+++ b/postfix/html/postconf.1.html
@@ -88,8 +88,8 @@ POSTCONF(1)                                                        POSTCONF(1)
               With  Postfix  version  2.8 and later, the <b>-e</b> is no
               longer needed.
 
-       <b>-h</b>     Show parameter values only, not the "<i>name = " label</i>
-              <i>that normally precedes the value.</i>
+       <b>-h</b>     Show parameter values only, not the "<i>name =</i> " label
+              that normally precedes the value.
 
        <b>-l</b>     List  the  names  of  all supported mailbox locking
               methods.  Postfix supports the following methods:
diff --git a/postfix/man/man1/postconf.1 b/postfix/man/man1/postconf.1
index e5dd6949a..6e57e8d2e 100644
--- a/postfix/man/man1/postconf.1
+++ b/postfix/man/man1/postconf.1
@@ -83,7 +83,7 @@ to protect shell metacharacters and whitespace.
 With Postfix version 2.8 and later, the \fB-e\fR is no
 longer needed.
 .IP \fB-h\fR
-Show parameter values only, not the "\fIname = " label
+Show parameter values only, not the "\fIname = \fR" label
 that normally precedes the value.
 .IP \fB-l\fR
 List the names of all supported mailbox locking methods.
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 5b3de9658..f48848ee8 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,8 +20,8 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20110321"
-#define MAIL_VERSION_NUMBER	"2.8.2"
+#define MAIL_RELEASE_DATE	"20110509"
+#define MAIL_VERSION_NUMBER	"2.8.3"
 
 #ifdef SNAPSHOT
 # define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
diff --git a/postfix/src/postconf/postconf.c b/postfix/src/postconf/postconf.c
index 82d8be07c..319e2ea13 100644
--- a/postfix/src/postconf/postconf.c
+++ b/postfix/src/postconf/postconf.c
@@ -77,7 +77,7 @@
 /*	With Postfix version 2.8 and later, the \fB-e\fR is no
 /*	longer needed.
 /* .IP \fB-h\fR
-/*	Show parameter values only, not the "\fIname = " label
+/*	Show parameter values only, not the "\fIname = \fR" label
 /*	that normally precedes the value.
 /* .IP \fB-l\fR
 /*	List the names of all supported mailbox locking methods.
diff --git a/postfix/src/postscreen/postscreen.c b/postfix/src/postscreen/postscreen.c
index ba7bac8c3..5619b56a0 100644
--- a/postfix/src/postscreen/postscreen.c
+++ b/postfix/src/postscreen/postscreen.c
@@ -823,7 +823,8 @@ static void pre_jail_init(char *unused_name, char **unused_argv)
      * 
      * Start the cache maintenance pseudo thread after dropping privileges.
      */
-#define PSC_DICT_OPEN_FLAGS (DICT_FLAG_DUP_REPLACE | DICT_FLAG_SYNC_UPDATE)
+#define PSC_DICT_OPEN_FLAGS (DICT_FLAG_DUP_REPLACE | DICT_FLAG_SYNC_UPDATE | \
+	    DICT_FLAG_OPEN_LOCK)
 
     if (*var_psc_cache_map)
 	psc_cache_map =
diff --git a/postfix/src/smtpd/smtpd_sasl_proto.c b/postfix/src/smtpd/smtpd_sasl_proto.c
index f419dc6bb..e5fe8b0f0 100644
--- a/postfix/src/smtpd/smtpd_sasl_proto.c
+++ b/postfix/src/smtpd/smtpd_sasl_proto.c
@@ -184,6 +184,27 @@ int     smtpd_sasl_auth_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
 	return (-1);
     }
 
+    /* Don't reuse the SASL handle after authentication failure. */
+#ifndef SMTPD_FLAG_AUTH_USED
+#define SMTPD_FLAG_AUTH_USED	(1<<15)
+#endif
+#ifndef XSASL_TYPE_CYRUS 
+#define XSASL_TYPE_CYRUS	"cyrus"
+#endif
+    if (state->flags & SMTPD_FLAG_AUTH_USED) {
+	smtpd_sasl_deactivate(state);
+#ifdef USE_TLS
+	if (state->tls_context != 0)
+	    smtpd_sasl_activate(state, VAR_SMTPD_SASL_TLS_OPTS,
+				var_smtpd_sasl_tls_opts);
+	else
+#endif
+	    smtpd_sasl_activate(state, VAR_SMTPD_SASL_OPTS,
+				var_smtpd_sasl_opts);
+    } else if (strcmp(var_smtpd_sasl_type, XSASL_TYPE_CYRUS) == 0) {
+	state->flags |= SMTPD_FLAG_AUTH_USED;
+    }
+
     /*
      * All authentication failures shall be logged. The 5xx reply code from
      * the SASL authentication routine triggers tar-pit delays, which help to
diff --git a/postfix/src/util/Makefile.in b/postfix/src/util/Makefile.in
index 4455fbf20..27990dcb4 100644
--- a/postfix/src/util/Makefile.in
+++ b/postfix/src/util/Makefile.in
@@ -948,6 +948,7 @@ dict_open.o: dict_thash.h
 dict_open.o: dict_unix.h
 dict_open.o: htable.h
 dict_open.o: msg.h
+dict_open.o: myflock.h
 dict_open.o: mymalloc.h
 dict_open.o: split_at.h
 dict_open.o: stringops.h
@@ -1309,7 +1310,6 @@ mask_addr.o: msg.h
 mask_addr.o: sys_defs.h
 match_list.o: argv.h
 match_list.o: dict.h
-match_list.o: htable.h
 match_list.o: match_list.c
 match_list.o: match_list.h
 match_list.o: match_ops.h
@@ -1324,8 +1324,6 @@ match_list.o: vstring_vstream.h
 match_ops.o: argv.h
 match_ops.o: cidr_match.h
 match_ops.o: dict.h
-match_ops.o: htable.h
-match_ops.o: match_list.h
 match_ops.o: match_ops.c
 match_ops.o: match_ops.h
 match_ops.o: msg.h
@@ -1788,6 +1786,8 @@ vstring_vstream.o: vstream.h
 vstring_vstream.o: vstring.h
 vstring_vstream.o: vstring_vstream.c
 vstring_vstream.o: vstring_vstream.h
+watchdog.o: events.h
+watchdog.o: iostuff.h
 watchdog.o: killme_after.h
 watchdog.o: msg.h
 watchdog.o: mymalloc.h
diff --git a/postfix/src/util/dict.h b/postfix/src/util/dict.h
index 9829d28ef..3b3ad51e3 100644
--- a/postfix/src/util/dict.h
+++ b/postfix/src/util/dict.h
@@ -67,6 +67,7 @@ extern DICT *dict_debug(DICT *);
 #define DICT_FLAG_FOLD_FIX	(1<<14)	/* case-fold key with fixed-case map */
 #define DICT_FLAG_FOLD_MUL	(1<<15)	/* case-fold key with multi-case map */
 #define DICT_FLAG_FOLD_ANY	(DICT_FLAG_FOLD_FIX | DICT_FLAG_FOLD_MUL)
+#define DICT_FLAG_OPEN_LOCK	(1<<16)	/* open file with exclusive lock */
 
  /* IMPORTANT: Update the dict_mask[] table when the above changes */
 
diff --git a/postfix/src/util/dict_open.c b/postfix/src/util/dict_open.c
index 9e1358f49..766fa0098 100644
--- a/postfix/src/util/dict_open.c
+++ b/postfix/src/util/dict_open.c
@@ -80,6 +80,10 @@
 /* .IP DICT_FLAG_LOCK
 /*	With maps where this is appropriate, acquire an exclusive lock
 /*	before writing, and acquire a shared lock before reading.
+/* .IP DICT_FLAG_OPEN_LOCK
+/*	With maps where this is appropriate, acquire an exclusive
+/*	lock upon open, and report a fatal run-time error if the
+/*	table is already locked.
 /* .IP DICT_FLAG_FOLD_FIX
 /*	With databases whose lookup fields are fixed-case strings,
 /*	fold the search key to lower case before accessing the
@@ -210,6 +214,7 @@
 #include <stringops.h>
 #include <split_at.h>
 #include <htable.h>
+#include <myflock.h>
 
  /*
   * lookup table for available map types.
@@ -313,6 +318,16 @@ DICT   *dict_open3(const char *dict_type, const char *dict_name,
 	msg_fatal("opening %s:%s %m", dict_type, dict_name);
     if (msg_verbose)
 	msg_info("%s: %s:%s", myname, dict_type, dict_name);
+    /* XXX the choice between wait-for-lock or no-wait is hard-coded. */
+    if (dict->lock_fd >= 0 && (dict_flags & DICT_FLAG_OPEN_LOCK) != 0) {
+	if (dict_flags & DICT_FLAG_LOCK)
+	    msg_panic("%s: attempt to open %s:%s with both \"open\" lock and \"access\" lock",
+		      myname, dict_type, dict_name);
+	if (myflock(dict->lock_fd, INTERNAL_LOCK,
+		    MYFLOCK_OP_EXCLUSIVE | MYFLOCK_OP_NOWAIT) < 0)
+	    msg_fatal("%s:%s: unable to get exclusive lock: %m",
+		      dict_type, dict_name);
+    }
     return (dict);
 }
 
diff --git a/postfix/src/verify/verify.c b/postfix/src/verify/verify.c
index a1a1535f7..271d01f2c 100644
--- a/postfix/src/verify/verify.c
+++ b/postfix/src/verify/verify.c
@@ -664,7 +664,8 @@ static void pre_jail_init(char *unused_name, char **unused_argv)
      * 
      * Start the cache cleanup thread after permanently dropping privileges.
      */
-#define VERIFY_DICT_OPEN_FLAGS (DICT_FLAG_DUP_REPLACE | DICT_FLAG_SYNC_UPDATE)
+#define VERIFY_DICT_OPEN_FLAGS (DICT_FLAG_DUP_REPLACE | DICT_FLAG_SYNC_UPDATE \
+	    | DICT_FLAG_OPEN_LOCK)
 
     saved_mask = umask(022);
     verify_map =