diff --git a/postfix/HISTORY b/postfix/HISTORY
index 4f7301355..1ea43b766 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -27440,11 +27440,14 @@ Apologies for any names omitted.
20231006
- Cleanup: attempt to log the SASL username after authentication
- failure. This appends ", sasl_username=xxx" to SASL authentication
- failure logging. Based on code by Jozsef Kadlecsik. Files:
- xsasl/xsasl_server.c, xsasl/xsasl_cyrus_server.c,
- smtpd/smtpd_sasl_glue.c.
+ Usability: the Postfix SMTP server now attempts to log the
+ SASL username after authentication failure. In Postfix
+ logging, this appends ", sasl_username=xxx" after the reason
+ for SASL authentication failure. The logging replaces an
+ unavailable reason with "(reason unavailable)", and replaces
+ an unavailable sasl_username with "(unavailable)". Based
+ on code by Jozsef Kadlecsik. Files: xsasl/xsasl_server.c,
+ xsasl/xsasl_cyrus_server.c, smtpd/smtpd_sasl_glue.c.
20231008
@@ -27520,3 +27523,33 @@ Apologies for any names omitted.
Cleanup: explicit %.100s limits for client-controlled strings
in SASL error logging. File: smtpd/smtpd_sasl_glue.c.
+
+20231102
+
+ Bugfix (defect introduced: Postfix 2.3, date 20051222): the
+ Dovecot auth client did not reset the 'reason' from a
+ previous Dovecot auth service response, before parsing the
+ next Dovecot auth server response. Reported by Stephan
+ Bosch, File: xsasl/xsasl_dovecot_server.c.
+
+20231105
+
+ Cleanup: Postfix SMTP server response with an empty
+ authentication failure reason. File: smtpd/smtpd_sasl_glue.c.
+
+ Cleanup: proxymap error message when the service name is
+ not "proxymap" or "proxywrite". File: proxymap/proxymap.c.
+
+20231109
+
+ Portability: MariaDB emulates MySQL >= 5.7.6, but does not
+ implement mysql_real_escape_string_quote(). Fix by Levente
+ Birta. File: global/dict_mysql.c.
+
+ Portability: more precise MYSQL_VERSION_ID check. File:
+ global/dict_mysql.c.
+
+20231112
+
+ Robustness: don't loop on an 'unfinished' queue file that
+ still has its all-zero SIZE record. File: postcat/postcat.c.
diff --git a/postfix/WISHLIST b/postfix/WISHLIST
index 30f1b81ed..0b5209c43 100644
--- a/postfix/WISHLIST
+++ b/postfix/WISHLIST
@@ -8,9 +8,10 @@ Wish list:
postfix-install should mention makedefs.out.
- In valid_utf8_string.c, add tests for over-long encodings
- and surrogates. Can we add tests for 4-byte encodings with
- strings that are displayable?
+ Propagate information about parsed daemon command-line
+ options to service callback functions. With this, a proxywrite
+ server can enforce a process limit of 1 without duplicating
+ libmaster's command-line parsing code.
Add a pre-release check for '.' instead of ','. Generalize
from grep '[a-zA-Z0-9]\. *[a-z]' proto/*|egrep -v
diff --git a/postfix/html/postcat.1.html b/postfix/html/postcat.1.html
index 4c61c5205..71b763e4f 100644
--- a/postfix/html/postcat.1.html
+++ b/postfix/html/postcat.1.html
@@ -85,7 +85,7 @@ POSTCAT(1) POSTCAT(1)
figuration files.
import_environment (see 'postconf -d' output)
- The list of environment parameters that a privileged Postfix
+ The list of environment variables that a privileged Postfix
process will import from a non-Postfix parent process, or
name=value environment overrides.
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index 55314b681..62260c23b 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -3799,7 +3799,8 @@ filtered with the character set that is specified with the
The address extension delimiter that was found in the recipient
address (Postfix 2.11 and later), or the 'first' delimiter specified
with the system-wide recipient address extension delimiter (Postfix
-3.5.22, 3.5.12, 3.7.8, 3.8.3 and later), or the system-wide recipient
+3.5.22, 3.6.12, 3.7.8, 3.8.3 and later). Historically, this was
+always the system-wide recipient
address extension delimiter (Postfix 2.10 and earlier).
${name?value}
diff --git a/postfix/man/man1/postcat.1 b/postfix/man/man1/postcat.1
index eb3025ba1..f6541eb7c 100644
--- a/postfix/man/man1/postcat.1
+++ b/postfix/man/man1/postcat.1
@@ -88,7 +88,7 @@ The text below provides only a parameter summary. See
The default location of the Postfix main.cf and master.cf
configuration files.
.IP "\fBimport_environment (see 'postconf -d' output)\fR"
-The list of environment parameters that a privileged Postfix
+The list of environment variables that a privileged Postfix
process will import from a non\-Postfix parent process, or name=value
environment overrides.
.IP "\fBqueue_directory (see 'postconf -d' output)\fR"
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index afdacfe0b..7ffe42b00 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -2417,7 +2417,8 @@ The entire recipient localpart.
The address extension delimiter that was found in the recipient
address (Postfix 2.11 and later), or the 'first' delimiter specified
with the system\-wide recipient address extension delimiter (Postfix
-3.5.22, 3.5.12, 3.7.8, 3.8.3 and later), or the system\-wide recipient
+3.5.22, 3.6.12, 3.7.8, 3.8.3 and later). Historically, this was
+always the system\-wide recipient
address extension delimiter (Postfix 2.10 and earlier).
.br
.IP "\fB${name?value}\fR"
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index 34762e12e..0a60e0c01 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -1783,7 +1783,8 @@ forward_expansion_filter parameter.
The address extension delimiter that was found in the recipient
address (Postfix 2.11 and later), or the 'first' delimiter specified
with the system-wide recipient address extension delimiter (Postfix
-3.5.22, 3.5.12, 3.7.8, 3.8.3 and later), or the system-wide recipient
+3.5.22, 3.6.12, 3.7.8, 3.8.3 and later). Historically, this was
+always the system-wide recipient
address extension delimiter (Postfix 2.10 and earlier).
${name?value}
diff --git a/postfix/src/global/dict_mysql.c b/postfix/src/global/dict_mysql.c
index 9f7d5409d..40836f47b 100644
--- a/postfix/src/global/dict_mysql.c
+++ b/postfix/src/global/dict_mysql.c
@@ -210,7 +210,7 @@ static void dict_mysql_quote(DICT *dict, const char *name, VSTRING *result)
if (dict_mysql->active_host == 0)
msg_panic("dict_mysql_quote: no active host");
-#if defined(MYSQL_VERSION_ID) && MYSQL_VERSION_ID >= 50700
+#if MYSQL_VERSION_ID >= 50706 && !defined(MARIADB_VERSION_ID)
mysql_real_escape_string_quote(dict_mysql->active_host->db,
vstring_end(result), name, len, '\'');
#else
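Review bot: The new condition `#if MYSQL_VERSION_ID >= 50706 && !defined(MARIADB_VERSION_ID)` carries no comment explaining why MariaDB is excluded, although this guard selects the routine that escapes lookup keys before they are placed in SQL text. I would add above it `/* MariaDB claims MySQL >= 5.7.6 but has no mysql_real_escape_string_quote(). */`. Dropping the `defined(MYSQL_VERSION_ID)` test is valid C, because an undefined macro evaluates to 0 inside `#if`, but it will warn under `-Wundef`. The result of `mysql_real_escape_string_quote()` appears to be discarded in the context lines. The `#else` branch and the rest of dict_mysql_quote() lie outside the hunk, so whether an escaping failure is handled cannot be confirmed from here.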
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index abcbbc0fb..34956d70a 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20231030"
+#define MAIL_RELEASE_DATE "20231112"
#define MAIL_VERSION_NUMBER "3.9"
#ifdef SNAPSHOT
diff --git a/postfix/src/postcat/postcat.c b/postfix/src/postcat/postcat.c
index 36f27404a..26b46a91b 100644
--- a/postfix/src/postcat/postcat.c
+++ b/postfix/src/postcat/postcat.c
@@ -76,7 +76,7 @@
/* The default location of the Postfix main.cf and master.cf
/* configuration files.
/* .IP "\fBimport_environment (see 'postconf -d' output)\fR"
-/* The list of environment parameters that a privileged Postfix
+/* The list of environment variables that a privileged Postfix
/* process will import from a non-Postfix parent process, or name=value
/* environment overrides.
/* .IP "\fBqueue_directory (see 'postconf -d' output)\fR"
@@ -274,7 +274,7 @@ static void postcat(VSTREAM *fp, VSTRING *buffer, int flags)
break;
/* Optimization: skip to extracted segment marker. */
if (do_print == 0 && (flags & PC_FLAG_PRINT_ENV)
- && data_offset >= 0 && data_size >= 0
+ && data_offset > 0 && data_size >= 0
&& vstream_fseek(fp, data_offset + data_size, SEEK_SET) < 0)
msg_fatal("seek error: %m");
}
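Review bot: The guard `data_offset > 0 && data_size >= 0` rejects only the all-zero SIZE record; any other seek target at or before the current read position would still send the reader back over records it has already processed. Both values appear to come from the queue file being examined, so a damaged file could still cause a repeat, and the sum `data_offset + data_size` is not checked for overflow. Consider requiring forward progress, for example `&& data_offset + data_size > offset`, if `offset` is the current record position as its use in PRINT_MARKER suggests. The same condition is repeated in the next hunk at the MESSAGE CONTENTS marker, and postcat() starts and ends outside both hunks.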
@@ -289,7 +289,7 @@ static void postcat(VSTREAM *fp, VSTRING *buffer, int flags)
PRINT_MARKER(flags, fp, offset, rec_type, "MESSAGE CONTENTS");
/* Optimization: skip to extracted segment marker. */
if ((flags & PC_MASK_PRINT_TEXT) == 0
- && data_offset >= 0 && data_size >= 0
+ && data_offset > 0 && data_size >= 0
&& vstream_fseek(fp, data_offset + data_size, SEEK_SET) < 0)
msg_fatal("seek error: %m");
/* Update the state machine, even when skipping. */
diff --git a/postfix/src/proxymap/proxymap.c b/postfix/src/proxymap/proxymap.c
index abdcf3af7..9bfab7904 100644
--- a/postfix/src/proxymap/proxymap.c
+++ b/postfix/src/proxymap/proxymap.c
@@ -753,7 +753,7 @@ static void post_jail_init(char *service_name, char **unused_argv)
proxy_writer = 1;
else if (strcmp(service_name, MAIL_SERVICE_PROXYMAP) != 0)
msg_fatal("service name must be one of %s or %s",
- MAIL_SERVICE_PROXYMAP, MAIL_SERVICE_PROXYMAP);
+ MAIL_SERVICE_PROXYWRITE, MAIL_SERVICE_PROXYMAP);
/*
* Pre-allocate buffers.
diff --git a/postfix/src/smtpd/smtpd_sasl_glue.c b/postfix/src/smtpd/smtpd_sasl_glue.c
index 289f446af..116336648 100644
--- a/postfix/src/smtpd/smtpd_sasl_glue.c
+++ b/postfix/src/smtpd/smtpd_sasl_glue.c
@@ -344,18 +344,20 @@ int smtpd_sasl_authenticate(SMTPD_STATE *state,
}
}
if (status != XSASL_AUTH_DONE) {
+ const char *reason = (*STR(state->sasl_reply) ? STR(state->sasl_reply) :
+ "(reason unavailable)");
+
sasl_username = xsasl_server_get_username(state->sasl_server);
msg_warn("%s: SASL %.100s authentication failed: %s, sasl_username=%.100s",
- state->namaddr, sasl_method, *STR(state->sasl_reply) ?
- STR(state->sasl_reply) : "(reason unavailable)",
+ state->namaddr, sasl_method, reason,
sasl_username ? sasl_username : "(unavailable)");
/* RFC 4954 Section 6. */
if (status == XSASL_AUTH_TEMP)
smtpd_chat_reply(state, "454 4.7.0 Temporary authentication failure: %s",
- STR(state->sasl_reply));
+ reason);
else
smtpd_chat_reply(state, "535 5.7.8 Error: authentication failed: %s",
- STR(state->sasl_reply));
+ reason);
return (-1);
}
/* RFC 4954 Section 6. */
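Review bot: The new `reason` is formatted with an unbounded `%s` in the msg_warn() call and in both smtpd_chat_reply() calls, while `sasl_method` and `sasl_username` on the same log line are capped at `%.100s`. The text in `state->sasl_reply` is presumably filled in by the SASL backend, so I would cap it as well, e.g. `"535 5.7.8 Error: authentication failed: %.100s"`, with the same change for the 454 reply and the log format. Because the backend's reason is returned to a client that has not authenticated, it is also worth confirming that the backend does not produce different reasons for an unknown user and a wrong password. smtpd_sasl_authenticate() begins and continues outside the hunk.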
diff --git a/postfix/src/xsasl/xsasl_dovecot_server.c b/postfix/src/xsasl/xsasl_dovecot_server.c
index 1d1c57063..4a0c085cc 100644
--- a/postfix/src/xsasl/xsasl_dovecot_server.c
+++ b/postfix/src/xsasl/xsasl_dovecot_server.c
@@ -543,6 +543,8 @@ static void xsasl_dovecot_parse_reply_args(XSASL_DOVECOT_SERVER *server,
myfree(server->username);
server->username = 0;
}
+ VSTRING_RESET(reply);
+ VSTRING_TERMINATE(reply);
/*
* Note: TAB is part of the Dovecot protocol and must not appear in
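Review bot: The added `VSTRING_RESET(reply);` and `VSTRING_TERMINATE(reply);` have no comment, and their purpose is not evident from the neighbouring lines. Without them, the failure reason parsed from an earlier auth service response could presumably be logged or returned for a later one. I would add `/* Forget the reason from a previous response. */` above the two lines. It may also be worth checking that every path that reads `reply` goes through this function first; the callers and the rest of xsasl_dovecot_parse_reply_args() are outside the hunk.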