Prereq: "2.9.6" diff -cr --new-file /var/tmp/postfix-2.9.6/src/global/mail_version.h ./src/global/mail_version.h *** /var/tmp/postfix-2.9.6/src/global/mail_version.h Sun Feb 3 15:46:53 2013 --- ./src/global/mail_version.h Sat Jun 22 18:43:54 2013 *************** *** 20,27 **** * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ ! #define MAIL_RELEASE_DATE "20130203" ! #define MAIL_VERSION_NUMBER "2.9.6" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE --- 20,27 ---- * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ ! #define MAIL_RELEASE_DATE "20130622" ! #define MAIL_VERSION_NUMBER "2.9.7" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -cr --new-file /var/tmp/postfix-2.9.6/HISTORY ./HISTORY *** /var/tmp/postfix-2.9.6/HISTORY Sun Feb 3 15:14:13 2013 --- ./HISTORY Wed May 8 12:25:44 2013 *************** *** 17783,17785 **** --- 17783,17813 ---- Bugfix: the 20121010 fix for tls_misc.c was documented but not included. + + 20130403 + + Bugfix (introduced: Postfix 2.3): don't reuse TCP connections + when smtp_tls_policy_maps is specified. Victor Duchovni. + Found during Postfix 2.11 code maintenance. File: + smtp/smtp_reuse.c. + + 20130423 + + Bugfix (introduced: Postfix 2.0): when myhostname is not + listed in mydestination, the trivial-rewrite resolver may + log "do not list in both mydestination + and ". The fix is + to re-resolve a domain-less address after adding $myhostname + as the surrogate domain, so that it pops out with the right + address-class label. Problem reported by Quanah Gibson-Mount. + File: trivial-rewrite/resolve.c. + + 20130425 + + Bugfix (introduced: Postfix 2.2): don't reuse TCP connections + when SASL authentication is enabled. 
SASL passwords may + depend on the remote SMTP server hostname, but the Postfix + <2.11 SMTP connection cache client does not distinguish + between different hostnames that resolve to the same IP + address. Found during Postfix 2.11 code maintenance. File: + smtp/smtp_connect.c. diff -cr --new-file /var/tmp/postfix-2.9.6/src/smtp/smtp_connect.c ./src/smtp/smtp_connect.c *** /var/tmp/postfix-2.9.6/src/smtp/smtp_connect.c Mon Jan 2 19:57:59 2012 --- ./src/smtp/smtp_connect.c Tue May 7 20:15:50 2013 *************** *** 457,468 **** state->misc_flags &= ~SMTP_MISC_FLAG_CONN_CACHE_MASK; /* ! * XXX Disable connection caching when sender-dependent authentication is * enabled. We must not send someone elses mail over an authenticated * connection, and we must not send mail that requires authentication * over a connection that wasn't authenticated. */ ! if (var_smtp_sender_auth) return; if (smtp_cache_dest && string_list_match(smtp_cache_dest, dest)) { --- 457,468 ---- state->misc_flags &= ~SMTP_MISC_FLAG_CONN_CACHE_MASK; /* ! * XXX Disable connection caching when SASL authentication is * enabled. We must not send someone elses mail over an authenticated * connection, and we must not send mail that requires authentication * over a connection that wasn't authenticated. */ ! if (var_smtp_sasl_passwd && *var_smtp_sasl_passwd) return; if (smtp_cache_dest && string_list_match(smtp_cache_dest, dest)) { diff -cr --new-file /var/tmp/postfix-2.9.6/src/smtp/smtp_reuse.c ./src/smtp/smtp_reuse.c *** /var/tmp/postfix-2.9.6/src/smtp/smtp_reuse.c Wed Dec 3 19:06:42 2008 --- ./src/smtp/smtp_reuse.c Tue May 7 20:15:50 2013 *************** *** 270,276 **** * credentials or the wrong TLS policy. */ if ((var_smtp_tls_per_site && *var_smtp_tls_per_site) ! || (var_smtp_sasl_passwd && *var_smtp_sasl_passwd)) return (0); /* --- 270,276 ---- * credentials or the wrong TLS policy. */ if ((var_smtp_tls_per_site && *var_smtp_tls_per_site) ! 
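Review bot: The rewritten comment in the src/smtp/smtp_connect.c hunk says caching is disabled "when SASL authentication is enabled", but the new condition tests only whether `var_smtp_sasl_passwd` is non-empty, and the comment's rationale is still the old sender-dependent one. I would reword it to name the actual trigger (a SASL password table is configured) and the reason HISTORY gives: the password may depend on the remote SMTP server hostname, while the connection cache does not distinguish hostnames that resolve to the same IP address. The new test is broader than the old `var_smtp_sender_auth` one, which errs on the safe side, since a cached authenticated session could otherwise be used with credentials meant for a different server. The enclosing function begins and ends outside the hunk.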
|| (var_smtp_tls_policy && *var_smtp_tls_policy)) return (0); /* diff -cr --new-file /var/tmp/postfix-2.9.6/src/tls/tls_client.c ./src/tls/tls_client.c *** /var/tmp/postfix-2.9.6/src/tls/tls_client.c Thu May 17 13:14:52 2012 --- ./src/tls/tls_client.c Tue May 7 20:15:50 2013 *************** *** 994,1000 **** if (TLScontext->log_mask & (TLS_LOG_CERTMATCH | TLS_LOG_VERBOSE | TLS_LOG_PEERCERT)) msg_info("%s: subject_CN=%s, issuer_CN=%s, " ! "fingerprint %s, pkey_fingerprint=%s", props->namaddr, TLScontext->peer_CN, TLScontext->issuer_CN, TLScontext->peer_fingerprint, TLScontext->peer_pkey_fprint); --- 994,1000 ---- if (TLScontext->log_mask & (TLS_LOG_CERTMATCH | TLS_LOG_VERBOSE | TLS_LOG_PEERCERT)) msg_info("%s: subject_CN=%s, issuer_CN=%s, " ! "fingerprint=%s, pkey_fingerprint=%s", props->namaddr, TLScontext->peer_CN, TLScontext->issuer_CN, TLScontext->peer_fingerprint, TLScontext->peer_pkey_fprint); diff -cr --new-file /var/tmp/postfix-2.9.6/src/trivial-rewrite/resolve.c ./src/trivial-rewrite/resolve.c *** /var/tmp/postfix-2.9.6/src/trivial-rewrite/resolve.c Fri Dec 30 18:19:45 2011 --- ./src/trivial-rewrite/resolve.c Tue May 7 20:15:50 2013 *************** *** 324,332 **** tok822_free(tree->head); tree->head = 0; } ! /* XXX must be localpart only, not user@domain form. */ ! if (tree->head == 0) tree->head = tok822_scan(var_empty_addr, &tree->tail); /* * We're done. There are no domains left to strip off the address, --- 324,341 ---- tok822_free(tree->head); tree->head = 0; } ! /* XXX Re-resolve the surrogate, in case already in user@domain form. */ ! if (tree->head == 0) { tree->head = tok822_scan(var_empty_addr, &tree->tail); + continue; + } + + /* XXX Re-resolve with @$myhostname for backwards compatibility. */ + if (domain == 0 && saved_domain == 0) { + tok822_sub_append(tree, tok822_alloc('@', (char *) 0)); + tok822_sub_append(tree, tok822_scan(var_myhostname, (TOK822 **) 0)); + continue; + } /* * We're done. There are no domains left to strip off the address,
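Review bot: After this hunk the comment ending "credentials or the wrong TLS policy" no longer matches the condition in src/smtp/smtp_reuse.c, which now tests only `var_smtp_tls_per_site` and `var_smtp_tls_policy`. The SASL case is dropped here and appears to rely on the smtp_connect.c hunk, which clears `SMTP_MISC_FLAG_CONN_CACHE_MASK` and returns when `var_smtp_sasl_passwd` is set; that coupling is not visible from this file. I would add a line such as `/* SASL credentials: smtp_connect.c leaves connection caching off when var_smtp_sasl_passwd is set. */`, or keep the `var_smtp_sasl_passwd` test as a third clause so the address-based reuse path stays safe on its own. The enclosing function and the start of the comment are outside the hunk.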
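Review bot: The format-string change from `fingerprint %s` to `fingerprint=%s` in src/tls/tls_client.c alters a logged record that log parsers may match on, and the HISTORY hunk on this page has no entry for it. I would add a HISTORY line naming tls/tls_client.c so that operators who extract the peer certificate fingerprint from this msg_info() line know to update their patterns. The surrounding function is outside the hunk.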
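Review bot: Both new `continue` statements in src/trivial-rewrite/resolve.c restart a loop whose header and exit condition are outside the hunk, and neither comment says why the next pass makes progress. For the second block the argument seems to be that appending `@` plus `var_myhostname` gives the address a domain, so `domain == 0 && saved_domain == 0` cannot hold again; for the first it depends on `tok822_scan(var_empty_addr, &tree->tail)` returning a non-empty token list. I would state that in the comments and replace "for backwards compatibility" with the reason HISTORY gives, e.g. `/* Re-resolve with @$myhostname so that a domain-less address gets the address class of $myhostname. */`. If the loop has no iteration limit, an empty `var_empty_addr` would be worth guarding against before the first `continue`.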