Hello community,
here is the log from the commit of package postfix for openSUSE:Factory checked
in at 2016-10-14 09:26:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/postfix (Old)
and /work/SRC/openSUSE:Factory/.postfix.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "postfix"
Changes:
--------
--- /work/SRC/openSUSE:Factory/postfix/postfix.changes 2016-09-09
10:16:20.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.postfix.new/postfix.changes 2016-10-14
09:26:06.000000000 +0200
@@ -1,0 +2,17 @@
+Sun Oct 9 20:11:34 UTC 2016 - mich...@stroeder.com
+
+- update to 3.1.3:
+ * The Postfix SMTP server did not reset a previous session's
+ failed/total command counts before rejecting a client that
+ exceeds request or concurrency rates. This resulted in incorrect
+ failed/total command counts being logged at the end of the
+ rejected session.
+ * The unionmap multi-table interface did not propagate table
+ lookup errors, resulting in false "user unknown" responses.
+ * The documentation was updated with a workaround for false "not
+ found" errors with MySQL map queries that contain UTF8-encoded
+ text. The workaround is to specify "option_group = client" in
+ Postfix MySQL configuration files. This will be the default
+ setting with Postfix 3.2 and later.
+
+-------------------------------------------------------------------
Old:
----
postfix-3.1.2.tar.gz
New:
----
postfix-3.1.3.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ postfix.spec ++++++
--- /var/tmp/diff_new_pack.mFWIWU/_old 2016-10-14 09:26:08.000000000 +0200
+++ /var/tmp/diff_new_pack.mFWIWU/_new 2016-10-14 09:26:08.000000000 +0200
@@ -59,7 +59,7 @@
%define _unitdir /lib/systemd
%endif
Name: postfix
-Version: 3.1.2
+Version: 3.1.3
Release: 0
Summary: A fast, secure, and flexible mailer
License: IPL-1.0
++++++ postfix-3.1.2.tar.gz -> postfix-3.1.3.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/postfix-3.1.2/HISTORY new/postfix-3.1.3/HISTORY
--- old/postfix-3.1.2/HISTORY 2016-08-28 01:50:23.000000000 +0200
+++ new/postfix-3.1.3/HISTORY 2016-10-02 01:36:45.000000000 +0200
@@ -22227,8 +22227,9 @@
Bugfix (introduced: Postfix 3.0): the tls_session_ticket_cipher
documentation says aes-256-cbc, but the implementation was
- using aes-128-cbc (note that Postfix SMTP server and client
- processes have a limited life time).
+ using aes-128-cbc (note that Postfix session ticket keys
+ are rotated after 1/2 hour, to limit the impact of attacks
+ on session ticket keys).
20160828
@@ -22236,3 +22237,24 @@
Viktor Dukhovni. Files: posttls-finger/posttls-finger.c,
tls/tls.h, tls/tls_dane.c, tls/tls_verify.c, tls/tls_server.c,
tls/tls_client.c.
+
+20160911
+
+ Bugfix (introduced: Postfix 3.0): the SMTP daemon did not
+ reset a previous session's command counts before rejecting
+ a client that exceeds request or concurrency rates. File:
+ smtpd/smtpd.c.
+
+20160917
+
+ Bugfix (introduced: Postfix 3.0): the unionmap did not
+ propagate table lookup errors. Based on patch by Roel van
+ Meer. Files: util/dict_union.c, util/dict_union_test.*.
+
+20160925
+
+ Workaround (problem introduced: Postfix 2.11): to avoid
+ false "not found" errors with MySQL map queries that contain
+ UTF8-encoded text, specify "option_group = client" in Postfix
+ MySQL configuration files. This will be the default setting
+ with Postfix 3.2 and later.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/postfix-3.1.2/README_FILES/MYSQL_README
new/postfix-3.1.3/README_FILES/MYSQL_README
--- old/postfix-3.1.2/README_FILES/MYSQL_README 2015-01-29 23:33:49.000000000
+0100
+++ new/postfix-3.1.3/README_FILES/MYSQL_README 2016-10-02 01:01:38.000000000
+0200
@@ -94,8 +94,20 @@
# Don't forget the leading "AND"!
additional_conditions = AND status = 'paid'
+# This is necessary to make UTF8 queries work for Postfix 2.11 .. 3.1,
+# and is the default setting as of Postfix 3.2,
+option_group = client
+
A�Ad�dd�di�it�ti�io�on�na�al�l n�no�ot�te�es�s
+Postfix 3.2 and later read [�[c�cl�li�ie�en�nt�t]�] option group settings by
default. To
+disable this, specify no o�op�pt�ti�io�on�n_�_f�fi�il�le�e and specify
"o�op�pt�ti�io�on�n_�_g�gr�ro�ou�up�p =�=" (i.e. an
+empty value).
+
+Postfix 3.1 and earlier don't read [�[c�cl�li�ie�en�nt�t]�] option group
settings unless a non-
+empty o�op�pt�ti�io�on�n_�_f�fi�il�le�e or
o�op�pt�ti�io�on�n_�_g�gr�ro�ou�up�p value are specified. To enable this,
specify,
+for example "o�op�pt�ti�io�on�n_�_g�gr�ro�ou�up�p =�= c�cl�li�ie�en�nt�t".
+
The MySQL configuration interface setup allows for multiple mysql databases:
you can use one for a virtual table, one for an access table, and one for an
aliases table if you want.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/postfix-3.1.2/RELEASE_NOTES
new/postfix-3.1.3/RELEASE_NOTES
--- old/postfix-3.1.2/RELEASE_NOTES 2016-02-23 00:10:22.000000000 +0100
+++ new/postfix-3.1.3/RELEASE_NOTES 2016-10-02 01:36:03.000000000 +0200
@@ -16,6 +16,14 @@
If you upgrade from Postfix 2.11 or earlier, read RELEASE_NOTES-3.0
before proceeding.
+Workaround - UTF8 support in Postfix MySQL queries
+--------------------------------------------------
+
+Someone reported false "not found" errors with MySQL map queries
+that contain UTF8-encoded text. To avoid such errors, specify
+"option_group = client" in Postfix MySQL configuration files. This
+will be the default setting with Postfix 3.2 and later.
+
Major changes - address verification safety
-------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/postfix-3.1.2/html/MYSQL_README.html
new/postfix-3.1.3/html/MYSQL_README.html
--- old/postfix-3.1.2/html/MYSQL_README.html 2015-01-29 23:33:47.000000000
+0100
+++ new/postfix-3.1.3/html/MYSQL_README.html 2016-10-02 01:01:38.000000000
+0200
@@ -130,10 +130,23 @@
where_field = alias
# Don't forget the leading "AND"!
additional_conditions = AND status = 'paid'
+
+# This is necessary to make UTF8 queries work for Postfix 2.11 .. 3.1,
+# and is the default setting as of Postfix 3.2,
+option_group = client
</pre>
<h2>Additional notes</h2>
+<p> Postfix 3.2 and later read <b>[client]</b> option group settings
+by default. To disable this, specify no <b>option_file</b> and
+specify "<b>option_group =</b>" (i.e. an empty value). </p>
+
+<p> Postfix 3.1 and earlier don't read <b>[client]</b> option group
+settings unless a non-empty <b>option_file</b> or <b>option_group</b>
+value are specified. To enable this, specify, for example
+"<b>option_group = client</b>". </p>
+
<p> The MySQL configuration interface setup allows for multiple
mysql databases: you can use one for a virtual table, one for an
access table, and one for an aliases table if you want. </p>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/postfix-3.1.2/html/mysql_table.5.html
new/postfix-3.1.3/html/mysql_table.5.html
--- old/postfix-3.1.2/html/mysql_table.5.html 2016-02-14 01:58:00.000000000
+0100
+++ new/postfix-3.1.3/html/mysql_table.5.html 2016-10-02 01:01:39.000000000
+0200
@@ -232,6 +232,11 @@
<b>option_group</b>
Read options from the given group.
+ Postfix 3.1 and earlier don't read <b>[client]</b> option
group set-
+ tings unless a non-empty <b>option_file</b> or
<b>option_group</b> value are
+ specified. To enable this, specify, for example,
"<b>option_group =</b>
+ <b>client</b>".
+
This parameter is available with Postfix 2.11 and later.
<b>tls_cert_file</b>
@@ -240,37 +245,37 @@
This parameter is available with Postfix 2.11 and later.
<b>tls_key_file</b>
- File containing the private key corresponding to
<b>tls_cert_file</b>.
+ File containing the private key corresponding to
<b>tls_cert_file</b>.
This parameter is available with Postfix 2.11 and later.
<b>tls_CAfile</b>
- File containing certificates for all of the X509 Certification
- Authorities the client will recognize. Takes precedence over
+ File containing certificates for all of the X509 Certification
+ Authorities the client will recognize. Takes precedence over
<b>tls_CApath</b>.
This parameter is available with Postfix 2.11 and later.
<b>tls_CApath</b>
- Directory containing X509 Certification Authority certificates
+ Directory containing X509 Certification Authority certificates
in separate individual files.
This parameter is available with Postfix 2.11 and later.
<b>tls_verify_cert (default: no)</b>
- Verify that the server's name matches the common name in the
+ Verify that the server's name matches the common name in the
certificate.
This parameter is available with Postfix 2.11 and later.
<b>OBSOLETE QUERY INTERFACE</b>
- This section describes an interface that is deprecated as of Postfix
- 2.2. It is replaced by the more general <b>query</b> interface
described
- above. If the <b>query</b> parameter is defined, the legacy
parameters
- described here ignored. Please migrate to the new interface as the
+ This section describes an interface that is deprecated as of Postfix
+ 2.2. It is replaced by the more general <b>query</b> interface
described
+ above. If the <b>query</b> parameter is defined, the legacy
parameters
+ described here ignored. Please migrate to the new interface as the
legacy interface may be removed in a future release.
- The following parameters can be used to fill in a SELECT template
+ The following parameters can be used to fill in a SELECT template
statement of the form:
SELECT [<b>select_field</b>]
@@ -279,7 +284,7 @@
[<b>additional_conditions</b>]
The specifier %s is replaced by the search string, and is escaped so if
- it contains single quotes or other odd characters, it will not cause a
+ it contains single quotes or other odd characters, it will not cause a
parse error, or worse, a security problem.
<b>select_field</b>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/postfix-3.1.2/man/man5/mysql_table.5
new/postfix-3.1.3/man/man5/mysql_table.5
--- old/postfix-3.1.2/man/man5/mysql_table.5 2016-02-14 01:57:59.000000000
+0100
+++ new/postfix-3.1.3/man/man5/mysql_table.5 2016-10-02 01:01:39.000000000
+0200
@@ -264,6 +264,11 @@
.IP "\fBoption_group\fR"
Read options from the given group.
.sp
+Postfix 3.1 and earlier don't read \fB[client]\fR option
+group settings unless a non\-empty \fBoption_file\fR or
+\fBoption_group\fR value are specified. To enable this,
+specify, for example, "\fBoption_group = client\fR".
+.sp
This parameter is available with Postfix 2.11 and later.
.IP "\fBtls_cert_file\fR"
File containing client's X509 certificate.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/postfix-3.1.2/proto/MYSQL_README.html
new/postfix-3.1.3/proto/MYSQL_README.html
--- old/postfix-3.1.2/proto/MYSQL_README.html 2015-01-29 23:33:24.000000000
+0100
+++ new/postfix-3.1.3/proto/MYSQL_README.html 2016-10-02 00:36:50.000000000
+0200
@@ -130,10 +130,23 @@
where_field = alias
# Don't forget the leading "AND"!
additional_conditions = AND status = 'paid'
+
+# This is necessary to make UTF8 queries work for Postfix 2.11 .. 3.1,
+# and is the default setting as of Postfix 3.2,
+option_group = client
</pre>
<h2>Additional notes</h2>
+<p> Postfix 3.2 and later read <b>[client]</b> option group settings
+by default. To disable this, specify no <b>option_file</b> and
+specify "<b>option_group =</b>" (i.e. an empty value). </p>
+
+<p> Postfix 3.1 and earlier don't read <b>[client]</b> option group
+settings unless a non-empty <b>option_file</b> or <b>option_group</b>
+value are specified. To enable this, specify, for example
+"<b>option_group = client</b>". </p>
+
<p> The MySQL configuration interface setup allows for multiple
mysql databases: you can use one for a virtual table, one for an
access table, and one for an aliases table if you want. </p>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/postfix-3.1.2/proto/mysql_table
new/postfix-3.1.3/proto/mysql_table
--- old/postfix-3.1.2/proto/mysql_table 2016-02-12 21:25:01.000000000 +0100
+++ new/postfix-3.1.3/proto/mysql_table 2016-10-02 01:01:14.000000000 +0200
@@ -252,6 +252,11 @@
# .IP "\fBoption_group\fR"
# Read options from the given group.
# .sp
+# Postfix 3.1 and earlier don't read \fB[client]\fR option
+# group settings unless a non-empty \fBoption_file\fR or
+# \fBoption_group\fR value are specified. To enable this,
+# specify, for example, "\fBoption_group = client\fR".
+# .sp
# This parameter is available with Postfix 2.11 and later.
# .IP "\fBtls_cert_file\fR"
# File containing client's X509 certificate.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/postfix-3.1.2/src/global/mail_version.h
new/postfix-3.1.3/src/global/mail_version.h
--- old/postfix-3.1.2/src/global/mail_version.h 2016-08-27 23:51:27.000000000
+0200
+++ new/postfix-3.1.3/src/global/mail_version.h 2016-10-02 01:26:18.000000000
+0200
@@ -20,8 +20,8 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20160828"
-#define MAIL_VERSION_NUMBER "3.1.2"
+#define MAIL_RELEASE_DATE "20161001"
+#define MAIL_VERSION_NUMBER "3.1.3"
#ifdef SNAPSHOT
#define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/postfix-3.1.2/src/smtpd/smtpd.c
new/postfix-3.1.3/src/smtpd/smtpd.c
--- old/postfix-3.1.2/src/smtpd/smtpd.c 2016-01-24 01:55:14.000000000 +0100
+++ new/postfix-3.1.3/src/smtpd/smtpd.c 2016-09-11 15:43:12.000000000 +0200
@@ -4848,6 +4848,15 @@
case 0:
/*
+ * Reset the per-command counters.
+ */
+ for (cmdp = smtpd_cmd_table; /* see below */ ; cmdp++) {
+ cmdp->success_count = cmdp->total_count = 0;
+ if (cmdp->name == 0)
+ break;
+ }
+
+ /*
* In TLS wrapper mode, turn on TLS using code that is shared with
* the STARTTLS command. This code does not return when the handshake
* fails.
@@ -5019,15 +5028,6 @@
#endif
/*
- * Reset the per-command counters.
- */
- for (cmdp = smtpd_cmd_table; /* see below */ ; cmdp++) {
- cmdp->success_count = cmdp->total_count = 0;
- if (cmdp->name == 0)
- break;
- }
-
- /*
* The command read/execute loop.
*/
for (;;) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/postfix-3.1.2/src/util/dict_union.c
new/postfix-3.1.3/src/util/dict_union.c
--- old/postfix-3.1.2/src/util/dict_union.c 2014-10-21 01:53:04.000000000
+0200
+++ new/postfix-3.1.3/src/util/dict_union.c 2016-09-17 14:07:15.000000000
+0200
@@ -81,11 +81,13 @@
for (cpp = dict_union->map_union->argv; (dict_type_name = *cpp) != 0;
cpp++) {
if ((map = dict_handle(dict_type_name)) == 0)
msg_panic("%s: dictionary \"%s\" not found", myname,
dict_type_name);
- if ((result = dict_get(map, query)) == 0)
- continue;
- if (VSTRING_LEN(dict_union->re_buf) > 0)
- VSTRING_ADDCH(dict_union->re_buf, ',');
- vstring_strcat(dict_union->re_buf, result);
+ if ((result = dict_get(map, query)) != 0) {
+ if (VSTRING_LEN(dict_union->re_buf) > 0)
+ VSTRING_ADDCH(dict_union->re_buf, ',');
+ vstring_strcat(dict_union->re_buf, result);
+ } else if (map->error != 0) {
+ DICT_ERR_VAL_RETURN(dict, map->error, 0);
+ }
}
DICT_ERR_VAL_RETURN(dict, DICT_ERR_NONE,
VSTRING_LEN(dict_union->re_buf) > 0 ?
