From: Wietse Venema Date: Sat, 22 Jun 2013 22:57:00 +0000 (-0400) Subject: postfix-2.9.7 X-Git-Tag: v2.9.7^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ce68ce4ae361936028ec3dd6b5e76102a1b7146a;p=thirdparty%2Fpostfix.git postfix-2.9.7 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index a186bd50b..28e0c2694 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -17783,3 +17783,31 @@ Apologies for any names omitted. Bugfix: the 20121010 fix for tls_misc.c was documented but not included. + +20130403 + + Bugfix (introduced: Postfix 2.3): don't reuse TCP connections + when smtp_tls_policy_maps is specified. Victor Duchovni. + Found during Postfix 2.11 code maintenance. File: + smtp/smtp_reuse.c. + +20130423 + + Bugfix (introduced: Postfix 2.0): when myhostname is not + listed in mydestination, the trivial-rewrite resolver may + log "do not list in both mydestination + and ". The fix is + to re-resolve a domain-less address after adding $myhostname + as the surrogate domain, so that it pops out with the right + address-class label. Problem reported by Quanah Gibson-Mount. + File: trivial-rewrite/resolve.c. + +20130425 + + Bugfix (introduced: Postfix 2.2): don't reuse TCP connections + when SASL authentication is enabled. SASL passwords may + depend on the remote SMTP server hostname, but the Postfix + <2.11 SMTP connection cache client does not distinguish + between different hostnames that resolve to the same IP + address. Found during Postfix 2.11 code maintenance. File: + smtp/smtp_connect.c. diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index e99c71e6e..ae372d6a3 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h 
@@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20130203" -#define MAIL_VERSION_NUMBER "2.9.6" +#define MAIL_RELEASE_DATE "20130622" +#define MAIL_VERSION_NUMBER "2.9.7" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff --git a/postfix/src/smtp/smtp_connect.c b/postfix/src/smtp/smtp_connect.c index 2abb49ccb..d1b2eae40 100644 --- a/postfix/src/smtp/smtp_connect.c +++ b/postfix/src/smtp/smtp_connect.c @@ -457,12 +457,12 @@ static void smtp_cache_policy(SMTP_STATE *state, const char *dest) state->misc_flags &= ~SMTP_MISC_FLAG_CONN_CACHE_MASK; /* - * XXX Disable connection caching when sender-dependent authentication is + * XXX Disable connection caching when SASL authentication is * enabled. We must not send someone elses mail over an authenticated * connection, and we must not send mail that requires authentication * over a connection that wasn't authenticated. */ - if (var_smtp_sender_auth) + if (var_smtp_sasl_passwd && *var_smtp_sasl_passwd) return; if (smtp_cache_dest && string_list_match(smtp_cache_dest, dest)) { diff --git a/postfix/src/smtp/smtp_reuse.c b/postfix/src/smtp/smtp_reuse.c index 0eb989f18..cbf3bbee3 100644 --- a/postfix/src/smtp/smtp_reuse.c +++ b/postfix/src/smtp/smtp_reuse.c @@ -270,7 +270,7 @@ SMTP_SESSION *smtp_reuse_addr(SMTP_STATE *state, const char *addr, * credentials or the wrong TLS policy. */ if ((var_smtp_tls_per_site && *var_smtp_tls_per_site) - || (var_smtp_sasl_passwd && *var_smtp_sasl_passwd)) + || (var_smtp_tls_policy && *var_smtp_tls_policy)) return (0); /* diff --git a/postfix/src/tls/tls_client.c b/postfix/src/tls/tls_client.c index fc2684944..2252b00fa 100644 --- a/postfix/src/tls/tls_client.c +++ b/postfix/src/tls/tls_client.c 
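Review bot: The rewritten comment in smtp_cache_policy() says caching is disabled "when SASL authentication is enabled", but the new test is `var_smtp_sasl_passwd && *var_smtp_sasl_passwd`, which looks like a check that the SASL password table is configured rather than that SASL is switched on. The mismatch errs on the safe side (no reuse), but the comment should state the real condition and the reason recorded in HISTORY, for example `/* Disable connection caching when SASL passwords are configured: the cache does not distinguish hostnames that resolve to the same IP address. */`. The "someone elses" typo in the same comment could be fixed in passing. The function body continues past the end of the hunk.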
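Review bot: The guard in smtp_reuse_addr() replaces the `var_smtp_sasl_passwd` term with `var_smtp_tls_policy` instead of adding to it, so this function no longer refuses reuse on its own when SASL passwords are configured, while the comment above it still mentions credentials. Protection against sending mail over a session authenticated with other credentials now appears to rest entirely on the early return added to smtp_cache_policy() in smtp_connect.c. Whether every path into smtp_reuse_addr() passes through that check is not visible in this diff. Keeping the old term as a third condition, `|| (var_smtp_sasl_passwd && *var_smtp_sasl_passwd)`, would preserve the local check at no cost; otherwise the comment should say where the credential case is handled. The function starts and ends outside the hunk.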
@@ -994,7 +994,7 @@ TLS_SESS_STATE *tls_client_start(const TLS_CLIENT_START_PROPS *props) if (TLScontext->log_mask & (TLS_LOG_CERTMATCH | TLS_LOG_VERBOSE | TLS_LOG_PEERCERT)) msg_info("%s: subject_CN=%s, issuer_CN=%s, " - "fingerprint %s, pkey_fingerprint=%s", props->namaddr, + "fingerprint=%s, pkey_fingerprint=%s", props->namaddr, TLScontext->peer_CN, TLScontext->issuer_CN, TLScontext->peer_fingerprint, TLScontext->peer_pkey_fprint); diff --git a/postfix/src/trivial-rewrite/resolve.c b/postfix/src/trivial-rewrite/resolve.c index c237b312f..3e42176bf 100644 --- a/postfix/src/trivial-rewrite/resolve.c +++ b/postfix/src/trivial-rewrite/resolve.c @@ -324,9 +324,18 @@ static void resolve_addr(RES_CONTEXT *rp, char *sender, char *addr, tok822_free(tree->head); tree->head = 0; } - /* XXX must be localpart only, not user@domain form. */ - if (tree->head == 0) + /* XXX Re-resolve the surrogate, in case already in user@domain form. */ + if (tree->head == 0) { tree->head = tok822_scan(var_empty_addr, &tree->tail); + continue; + } + + /* XXX Re-resolve with @$myhostname for backwards compatibility. */ + if (domain == 0 && saved_domain == 0) { + tok822_sub_append(tree, tok822_alloc('@', (char *) 0)); + tok822_sub_append(tree, tok822_scan(var_myhostname, (TOK822 **) 0)); + continue; + } /* * We're done. There are no domains left to strip off the address,
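Review bot: The change from `fingerprint %s` to `fingerprint=%s` in the msg_info() call alters a logged line that sites may parse to audit peer certificate fingerprints, yet none of the three HISTORY entries added by this commit mentions it. A short HISTORY entry naming tls/tls_client.c and the new `fingerprint=%s` field would let operators adjust log parsers and alerting rules before they upgrade. tls_client_start() begins and ends outside the hunk.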
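Review bot: Both new `continue` statements in resolve_addr() restart the enclosing loop on the assumption that the next pass makes progress, but the loop header and any iteration bound are outside the hunk. In the first branch, if `tok822_scan(var_empty_addr, &tree->tail)` ever produced an empty token list, `tree->head` would still be 0 and the branch would simply continue again. The second branch similarly assumes that `var_myhostname` scans to at least one token. This parser handles addresses taken from mail, so the termination argument deserves to be written down, e.g. `/* Terminates: the next pass sees a non-empty tree, or the enclosing loop's iteration limit applies. */`, once it is confirmed that such a limit exists.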