Prereq: "2.8.14" diff -cr --new-file /var/tmp/postfix-2.8.14/src/global/mail_version.h ./src/global/mail_version.h *** /var/tmp/postfix-2.8.14/src/global/mail_version.h Sun Feb 3 15:44:37 2013 --- ./src/global/mail_version.h Sat Jun 22 18:39:28 2013 *************** *** 20,27 **** * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ ! #define MAIL_RELEASE_DATE "20130203" ! #define MAIL_VERSION_NUMBER "2.8.14" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE --- 20,27 ---- * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ ! #define MAIL_RELEASE_DATE "20130622" ! #define MAIL_VERSION_NUMBER "2.8.15" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -cr --new-file /var/tmp/postfix-2.8.14/HISTORY ./HISTORY *** /var/tmp/postfix-2.8.14/HISTORY Sun Feb 3 15:02:05 2013 --- ./HISTORY Wed May 8 12:25:44 2013 *************** *** 16887,16889 **** --- 16887,16917 ---- Bugfix: the 20121010 fix for tls_misc.c was documented but not included. + + 20130403 + + Bugfix (introduced: Postfix 2.3): don't reuse TCP connections + when smtp_tls_policy_maps is specified. Victor Duchovni. + Found during Postfix 2.11 code maintenance. File: + smtp/smtp_reuse.c. + + 20130423 + + Bugfix (introduced: Postfix 2.0): when myhostname is not + listed in mydestination, the trivial-rewrite resolver may + log "do not list in both mydestination + and ". The fix is + to re-resolve a domain-less address after adding $myhostname + as the surrogate domain, so that it pops out with the right + address-class label. Problem reported by Quanah Gibson-Mount. + File: trivial-rewrite/resolve.c. + + 20130425 + + Bugfix (introduced: Postfix 2.2): don't reuse TCP connections + when SASL authentication is enabled. SASL passwords may + depend on the remote SMTP server hostname, but the Postfix + <2.11 SMTP connection cache client does not distinguish + between different hostnames that resolve to the same IP + address. Found during Postfix 2.11 code maintenance. File: + smtp/smtp_connect.c. diff -cr --new-file /var/tmp/postfix-2.8.14/src/smtp/smtp_connect.c ./src/smtp/smtp_connect.c *** /var/tmp/postfix-2.8.14/src/smtp/smtp_connect.c Fri Nov 27 10:52:10 2009 --- ./src/smtp/smtp_connect.c Tue May 7 20:19:36 2013 *************** *** 456,467 **** state->misc_flags &= ~SMTP_MISC_FLAG_CONN_CACHE_MASK; /* ! * XXX Disable connection caching when sender-dependent authentication is * enabled. We must not send someone elses mail over an authenticated * connection, and we must not send mail that requires authentication * over a connection that wasn't authenticated. */ ! if (var_smtp_sender_auth) return; if (smtp_cache_dest && string_list_match(smtp_cache_dest, dest)) { --- 456,467 ---- state->misc_flags &= ~SMTP_MISC_FLAG_CONN_CACHE_MASK; /* ! * XXX Disable connection caching when SASL authentication is * enabled. We must not send someone elses mail over an authenticated * connection, and we must not send mail that requires authentication * over a connection that wasn't authenticated. */ ! if (var_smtp_sasl_passwd && *var_smtp_sasl_passwd) return; if (smtp_cache_dest && string_list_match(smtp_cache_dest, dest)) { diff -cr --new-file /var/tmp/postfix-2.8.14/src/smtp/smtp_reuse.c ./src/smtp/smtp_reuse.c *** /var/tmp/postfix-2.8.14/src/smtp/smtp_reuse.c Wed Dec 3 19:06:42 2008 --- ./src/smtp/smtp_reuse.c Tue May 7 20:19:36 2013 *************** *** 270,276 **** * credentials or the wrong TLS policy. */ if ((var_smtp_tls_per_site && *var_smtp_tls_per_site) ! || (var_smtp_sasl_passwd && *var_smtp_sasl_passwd)) return (0); /* --- 270,276 ---- * credentials or the wrong TLS policy. */ if ((var_smtp_tls_per_site && *var_smtp_tls_per_site) ! || (var_smtp_tls_policy && *var_smtp_tls_policy)) return (0); /* diff -cr --new-file /var/tmp/postfix-2.8.14/src/trivial-rewrite/resolve.c ./src/trivial-rewrite/resolve.c *** /var/tmp/postfix-2.8.14/src/trivial-rewrite/resolve.c Wed Dec 9 16:22:51 2009 --- ./src/trivial-rewrite/resolve.c Tue May 7 20:19:36 2013 *************** *** 324,332 **** tok822_free(tree->head); tree->head = 0; } ! /* XXX must be localpart only, not user@domain form. */ ! if (tree->head == 0) tree->head = tok822_scan(var_empty_addr, &tree->tail); /* * We're done. There are no domains left to strip off the address, --- 324,341 ---- tok822_free(tree->head); tree->head = 0; } ! /* XXX Re-resolve the surrogate, in case already in user@domain form. */ ! if (tree->head == 0) { tree->head = tok822_scan(var_empty_addr, &tree->tail); + continue; + } + + /* XXX Re-resolve with @$myhostname for backwards compatibility. */ + if (domain == 0 && saved_domain == 0) { + tok822_sub_append(tree, tok822_alloc('@', (char *) 0)); + tok822_sub_append(tree, tok822_scan(var_myhostname, (TOK822 **) 0)); + continue; + } /* * We're done. There are no domains left to strip off the address,