Hello community, here is the log from the commit of package postfix for openSUSE:Factory checked in at 2016-10-14 09:26:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/postfix (Old) and /work/SRC/openSUSE:Factory/.postfix.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "postfix" Changes: -------- --- /work/SRC/openSUSE:Factory/postfix/postfix.changes 2016-09-09 10:16:20.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.postfix.new/postfix.changes 2016-10-14 09:26:06.000000000 +0200 @@ -1,0 +2,17 @@ +Sun Oct 9 20:11:34 UTC 2016 - mich...@stroeder.com + +- update to 3.1.3: + * The Postfix SMTP server did not reset a previous session's + failed/total command counts before rejecting a client that + exceeds request or concurrency rates. This resulted in incorrect + failed/total command counts being logged at the end of the + rejected session. + * The unionmap multi-table interface did not propagate table + lookup errors, resulting in false "user unknown" responses. + * The documentation was updated with a workaround for false "not + found" errors with MySQL map queries that contain UTF8-encoded + text. The workaround is to specify "option_group = client" in + Postfix MySQL configuration files. This will be the default + setting with Postfix 3.2 and later. + +------------------------------------------------------------------- Old: ---- postfix-3.1.2.tar.gz New: ---- postfix-3.1.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ postfix.spec ++++++ --- /var/tmp/diff_new_pack.mFWIWU/_old 2016-10-14 09:26:08.000000000 +0200 +++ /var/tmp/diff_new_pack.mFWIWU/_new 2016-10-14 09:26:08.000000000 +0200 @@ -59,7 +59,7 @@ %define _unitdir /lib/systemd %endif Name: postfix -Version: 3.1.2 +Version: 3.1.3 Release: 0 Summary: A fast, secure, and flexible mailer License: IPL-1.0 ++++++ postfix-3.1.2.tar.gz -> postfix-3.1.3.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.1.2/HISTORY new/postfix-3.1.3/HISTORY --- old/postfix-3.1.2/HISTORY 2016-08-28 01:50:23.000000000 +0200 +++ new/postfix-3.1.3/HISTORY 2016-10-02 01:36:45.000000000 +0200 @@ -22227,8 +22227,9 @@ Bugfix (introduced: Postfix 3.0): the tls_session_ticket_cipher documentation says aes-256-cbc, but the implementation was - using aes-128-cbc (note that Postfix SMTP server and client - processes have a limited life time). + using aes-128-cbc (note that Postfix session ticket keys + are rotated after 1/2 hour, to limit the impact of attacks + on session ticket keys). 20160828 @@ -22236,3 +22237,24 @@ Viktor Dukhovni. Files: posttls-finger/posttls-finger.c, tls/tls.h, tls/tls_dane.c, tls/tls_verify.c, tls/tls_server.c, tls/tls_client.c. + +20160911 + + Bugfix (introduced: Postfix 3.0): the SMTP daemon did not + reset a previous session's command counts before rejecting + a client that exceeds request or concurrency rates. File: + smtpd/smtpd.c. + +20160917 + + Bugfix (introduced: Postfix 3.0): the unionmap did not + propagate table lookup errors. Based on patch by Roel van + Meer. Files: util/dict_union.c, util/dict_union_test.*. + +20160925 + + Workaround (problem introduced: Postfix 2.11): to avoid + false "not found" errors with MySQL map queries that contain + UTF8-encoded text, specify "option_group = client" in Postfix + MySQL configuration files. This will be the default setting + with Postfix 3.2 and later. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.1.2/README_FILES/MYSQL_README new/postfix-3.1.3/README_FILES/MYSQL_README --- old/postfix-3.1.2/README_FILES/MYSQL_README 2015-01-29 23:33:49.000000000 +0100 +++ new/postfix-3.1.3/README_FILES/MYSQL_README 2016-10-02 01:01:38.000000000 +0200 @@ -94,8 +94,20 @@ # Don't forget the leading "AND"! additional_conditions = AND status = 'paid' +# This is necessary to make UTF8 queries work for Postfix 2.11 .. 3.1, +# and is the default setting as of Postfix 3.2, +option_group = client + AAddddiittiioonnaall nnootteess +Postfix 3.2 and later read [[cclliieenntt]] option group settings by default. To +disable this, specify no ooppttiioonn__ffiillee and specify "ooppttiioonn__ggrroouupp ==" (i.e. an +empty value). + +Postfix 3.1 and earlier don't read [[cclliieenntt]] option group settings unless a non- +empty ooppttiioonn__ffiillee or ooppttiioonn__ggrroouupp value are specified. To enable this, specify, +for example "ooppttiioonn__ggrroouupp == cclliieenntt". + The MySQL configuration interface setup allows for multiple mysql databases: you can use one for a virtual table, one for an access table, and one for an aliases table if you want. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.1.2/RELEASE_NOTES new/postfix-3.1.3/RELEASE_NOTES --- old/postfix-3.1.2/RELEASE_NOTES 2016-02-23 00:10:22.000000000 +0100 +++ new/postfix-3.1.3/RELEASE_NOTES 2016-10-02 01:36:03.000000000 +0200 @@ -16,6 +16,14 @@ If you upgrade from Postfix 2.11 or earlier, read RELEASE_NOTES-3.0 before proceeding. +Workaround - UTF8 support in Postfix MySQL queries +-------------------------------------------------- + +Someone reported false "not found" errors with MySQL map queries +that contain UTF8-encoded text. To avoid such errors, specify +"option_group = client" in Postfix MySQL configuration files. This +will be the default setting with Postfix 3.2 and later. + Major changes - address verification safety ------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.1.2/html/MYSQL_README.html new/postfix-3.1.3/html/MYSQL_README.html --- old/postfix-3.1.2/html/MYSQL_README.html 2015-01-29 23:33:47.000000000 +0100 +++ new/postfix-3.1.3/html/MYSQL_README.html 2016-10-02 01:01:38.000000000 +0200 @@ -130,10 +130,23 @@ where_field = alias # Don't forget the leading "AND"! additional_conditions = AND status = 'paid' + +# This is necessary to make UTF8 queries work for Postfix 2.11 .. 3.1, +# and is the default setting as of Postfix 3.2, +option_group = client </pre> <h2>Additional notes</h2> +<p> Postfix 3.2 and later read <b>[client]</b> option group settings +by default. To disable this, specify no <b>option_file</b> and +specify "<b>option_group =</b>" (i.e. an empty value). </p> + +<p> Postfix 3.1 and earlier don't read <b>[client]</b> option group +settings unless a non-empty <b>option_file</b> or <b>option_group</b> +value are specified. To enable this, specify, for example +"<b>option_group = client</b>". </p> + <p> The MySQL configuration interface setup allows for multiple mysql databases: you can use one for a virtual table, one for an access table, and one for an aliases table if you want. </p> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.1.2/html/mysql_table.5.html new/postfix-3.1.3/html/mysql_table.5.html --- old/postfix-3.1.2/html/mysql_table.5.html 2016-02-14 01:58:00.000000000 +0100 +++ new/postfix-3.1.3/html/mysql_table.5.html 2016-10-02 01:01:39.000000000 +0200 @@ -232,6 +232,11 @@ <b>option_group</b> Read options from the given group. + Postfix 3.1 and earlier don't read <b>[client]</b> option group set- + tings unless a non-empty <b>option_file</b> or <b>option_group</b> value are + specified. To enable this, specify, for example, "<b>option_group =</b> + <b>client</b>". + This parameter is available with Postfix 2.11 and later. <b>tls_cert_file</b> @@ -240,37 +245,37 @@ This parameter is available with Postfix 2.11 and later. <b>tls_key_file</b> - File containing the private key corresponding to <b>tls_cert_file</b>. + File containing the private key corresponding to <b>tls_cert_file</b>. This parameter is available with Postfix 2.11 and later. <b>tls_CAfile</b> - File containing certificates for all of the X509 Certification - Authorities the client will recognize. Takes precedence over + File containing certificates for all of the X509 Certification + Authorities the client will recognize. Takes precedence over <b>tls_CApath</b>. This parameter is available with Postfix 2.11 and later. <b>tls_CApath</b> - Directory containing X509 Certification Authority certificates + Directory containing X509 Certification Authority certificates in separate individual files. This parameter is available with Postfix 2.11 and later. <b>tls_verify_cert (default: no)</b> - Verify that the server's name matches the common name in the + Verify that the server's name matches the common name in the certificate. This parameter is available with Postfix 2.11 and later. <b>OBSOLETE QUERY INTERFACE</b> - This section describes an interface that is deprecated as of Postfix - 2.2. It is replaced by the more general <b>query</b> interface described - above. If the <b>query</b> parameter is defined, the legacy parameters - described here ignored. Please migrate to the new interface as the + This section describes an interface that is deprecated as of Postfix + 2.2. It is replaced by the more general <b>query</b> interface described + above. If the <b>query</b> parameter is defined, the legacy parameters + described here ignored. Please migrate to the new interface as the legacy interface may be removed in a future release. - The following parameters can be used to fill in a SELECT template + The following parameters can be used to fill in a SELECT template statement of the form: SELECT [<b>select_field</b>] @@ -279,7 +284,7 @@ [<b>additional_conditions</b>] The specifier %s is replaced by the search string, and is escaped so if - it contains single quotes or other odd characters, it will not cause a + it contains single quotes or other odd characters, it will not cause a parse error, or worse, a security problem. <b>select_field</b> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.1.2/man/man5/mysql_table.5 new/postfix-3.1.3/man/man5/mysql_table.5 --- old/postfix-3.1.2/man/man5/mysql_table.5 2016-02-14 01:57:59.000000000 +0100 +++ new/postfix-3.1.3/man/man5/mysql_table.5 2016-10-02 01:01:39.000000000 +0200 @@ -264,6 +264,11 @@ .IP "\fBoption_group\fR" Read options from the given group. .sp +Postfix 3.1 and earlier don't read \fB[client]\fR option +group settings unless a non\-empty \fBoption_file\fR or +\fBoption_group\fR value are specified. To enable this, +specify, for example, "\fBoption_group = client\fR". +.sp This parameter is available with Postfix 2.11 and later. .IP "\fBtls_cert_file\fR" File containing client's X509 certificate. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.1.2/proto/MYSQL_README.html new/postfix-3.1.3/proto/MYSQL_README.html --- old/postfix-3.1.2/proto/MYSQL_README.html 2015-01-29 23:33:24.000000000 +0100 +++ new/postfix-3.1.3/proto/MYSQL_README.html 2016-10-02 00:36:50.000000000 +0200 @@ -130,10 +130,23 @@ where_field = alias # Don't forget the leading "AND"! additional_conditions = AND status = 'paid' + +# This is necessary to make UTF8 queries work for Postfix 2.11 .. 3.1, +# and is the default setting as of Postfix 3.2, +option_group = client </pre> <h2>Additional notes</h2> +<p> Postfix 3.2 and later read <b>[client]</b> option group settings +by default. To disable this, specify no <b>option_file</b> and +specify "<b>option_group =</b>" (i.e. an empty value). </p> + +<p> Postfix 3.1 and earlier don't read <b>[client]</b> option group +settings unless a non-empty <b>option_file</b> or <b>option_group</b> +value are specified. To enable this, specify, for example +"<b>option_group = client</b>". </p> + <p> The MySQL configuration interface setup allows for multiple mysql databases: you can use one for a virtual table, one for an access table, and one for an aliases table if you want. </p> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.1.2/proto/mysql_table new/postfix-3.1.3/proto/mysql_table --- old/postfix-3.1.2/proto/mysql_table 2016-02-12 21:25:01.000000000 +0100 +++ new/postfix-3.1.3/proto/mysql_table 2016-10-02 01:01:14.000000000 +0200 @@ -252,6 +252,11 @@ # .IP "\fBoption_group\fR" # Read options from the given group. # .sp +# Postfix 3.1 and earlier don't read \fB[client]\fR option +# group settings unless a non-empty \fBoption_file\fR or +# \fBoption_group\fR value are specified. To enable this, +# specify, for example, "\fBoption_group = client\fR". +# .sp # This parameter is available with Postfix 2.11 and later. # .IP "\fBtls_cert_file\fR" # File containing client's X509 certificate. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.1.2/src/global/mail_version.h new/postfix-3.1.3/src/global/mail_version.h --- old/postfix-3.1.2/src/global/mail_version.h 2016-08-27 23:51:27.000000000 +0200 +++ new/postfix-3.1.3/src/global/mail_version.h 2016-10-02 01:26:18.000000000 +0200 @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20160828" -#define MAIL_VERSION_NUMBER "3.1.2" +#define MAIL_RELEASE_DATE "20161001" +#define MAIL_VERSION_NUMBER "3.1.3" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.1.2/src/smtpd/smtpd.c new/postfix-3.1.3/src/smtpd/smtpd.c --- old/postfix-3.1.2/src/smtpd/smtpd.c 2016-01-24 01:55:14.000000000 +0100 +++ new/postfix-3.1.3/src/smtpd/smtpd.c 2016-09-11 15:43:12.000000000 +0200 @@ -4848,6 +4848,15 @@ case 0: /* + * Reset the per-command counters. + */ + for (cmdp = smtpd_cmd_table; /* see below */ ; cmdp++) { + cmdp->success_count = cmdp->total_count = 0; + if (cmdp->name == 0) + break; + } + + /* * In TLS wrapper mode, turn on TLS using code that is shared with * the STARTTLS command. This code does not return when the handshake * fails. @@ -5019,15 +5028,6 @@ #endif /* - * Reset the per-command counters. - */ - for (cmdp = smtpd_cmd_table; /* see below */ ; cmdp++) { - cmdp->success_count = cmdp->total_count = 0; - if (cmdp->name == 0) - break; - } - - /* * The command read/execute loop. */ for (;;) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.1.2/src/util/dict_union.c new/postfix-3.1.3/src/util/dict_union.c --- old/postfix-3.1.2/src/util/dict_union.c 2014-10-21 01:53:04.000000000 +0200 +++ new/postfix-3.1.3/src/util/dict_union.c 2016-09-17 14:07:15.000000000 +0200 @@ -81,11 +81,13 @@ for (cpp = dict_union->map_union->argv; (dict_type_name = *cpp) != 0; cpp++) { if ((map = dict_handle(dict_type_name)) == 0) msg_panic("%s: dictionary \"%s\" not found", myname, dict_type_name); - if ((result = dict_get(map, query)) == 0) - continue; - if (VSTRING_LEN(dict_union->re_buf) > 0) - VSTRING_ADDCH(dict_union->re_buf, ','); - vstring_strcat(dict_union->re_buf, result); + if ((result = dict_get(map, query)) != 0) { + if (VSTRING_LEN(dict_union->re_buf) > 0) + VSTRING_ADDCH(dict_union->re_buf, ','); + vstring_strcat(dict_union->re_buf, result); + } else if (map->error != 0) { + DICT_ERR_VAL_RETURN(dict, map->error, 0); + } } DICT_ERR_VAL_RETURN(dict, DICT_ERR_NONE, VSTRING_LEN(dict_union->re_buf) > 0 ?