From 33701748e11d4b8a25a34aaafce2aa2f02d1ffb2 Mon Sep 17 00:00:00 2001 From: Wietse Z Venema Date: Sun, 27 Oct 2024 00:00:00 -0500 Subject: [PATCH] postfix-3.10-20241027 --- postfix/HISTORY | 20 +++ postfix/html/mysql_table.5.html | 16 ++- postfix/html/pgsql_table.5.html | 157 ++++++++++++----------- postfix/man/man5/mysql_table.5 | 16 ++- postfix/man/man5/pgsql_table.5 | 26 ++-- postfix/proto/mysql_table | 16 ++- postfix/proto/pgsql_table | 26 ++-- postfix/proto/stop | 1 + postfix/src/global/mail_version.h | 2 +- postfix/src/xsasl/xsasl_dovecot_server.c | 1 + 10 files changed, 173 insertions(+), 108 deletions(-) diff --git a/postfix/HISTORY b/postfix/HISTORY index d736e68fa..fa98c069b 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -28447,3 +28447,23 @@ Apologies for any names omitted. is allowed). The dbname setting is now optional if the hosts setting specifies only URIs. Files: util/valid_uri_scheme.[hc], proto/pgsql_table. + +202141026 + + Documentation: updated the pgsql_table manpage that the + "user" and "password" settings are also ignored when a + "hosts" setting specifies an URI. File: proto/pgsql_table. + + Documentation: updated text for how to handle retries with a + load balancer. Files: proto/pgsql_table, proto/mysql_table. + +20241027 + + Bugfix (defect introduced: Postfix 2.3, date 20051222): + file descriptor leak after failure to connect to a Dovecot + auth server. The impact is limited because there are limits + on the number of retries (one), on the number of errors per + SMTP session (smtpd_hard_error_limit), on the number + of sessions per SMTP server process (max_use), and on the + number file handles per process (managed with sysctl). + File: xsasl/xsasl_dovecot_server.c. diff --git a/postfix/html/mysql_table.5.html b/postfix/html/mysql_table.5.html index 009b90e39..25c5c13e8 100644 --- a/postfix/html/mysql_table.5.html +++ b/postfix/html/mysql_table.5.html @@ -61,11 +61,11 @@ MYSQL_TABLE(5) MYSQL_TABLE(5) TCP you have to specify hosts = 127.0.0.1 - NOTE: if "hosts" specifies one load balancer and no alternative - servers, specify the load balancer multiple times in the "hosts" - line. Without the duplicate info, the Postfix MySQL client would - not reconnect immediately to the same load balancer after a - MySQL server failure. + NOTE: if the hosts setting specifies one load balancer and no + alternative servers, specify the load balancer multiple times. + Without the duplicate info, the Postfix MySQL client would not + reconnect immediately to the same load balancer after a request + failure. user @@ -96,6 +96,12 @@ MYSQL_TABLE(5) MYSQL_TABLE(5) The number of seconds that a database connection will be skipped after an error. + NOTE: if the hosts setting specifies one load balancer and no + alternative servers, specify the load balancer multiple times. + Without the duplicate info, the Postfix MySQL client would not + reconnect immediately to the same load balancer after a request + failure. + This feature is available in Postfix 3.9 and later. query The SQL query template used to search the database, where %s is diff --git a/postfix/html/pgsql_table.5.html b/postfix/html/pgsql_table.5.html index f55724ed9..0b153b93b 100644 --- a/postfix/html/pgsql_table.5.html +++ b/postfix/html/pgsql_table.5.html @@ -61,15 +61,15 @@ PGSQL_TABLE(5) PGSQL_TABLE(5) matically closed after being idle for about 1 minute, and are re-opened as necessary. See idle_interval for details. - NOTE: if hosts specifies a PostgreSQL connection URI, the Post- - greSQL client library will ignore the dbname setting for that - connection. + NOTE: if the hosts setting specifies a PostgreSQL connection + URI, the Postfix PostgreSQL client will ignore the dbname, user, + and password settings for that connection. - NOTE: if hosts specifies one load balancer and no alternative - servers, specify the load balancer multiple times in the hosts - line. Without the duplicate info, the Postfix PostgreSQL client - would not reconnect immediately to the same load balancer after - a PostgreSQL server failure. + NOTE: if the hosts setting specifies one load balancer and no + alternative servers, specify the load balancer multiple times. + Without the duplicate info, the Postfix PostgreSQL client would + not reconnect immediately to the same load balancer after a + request failure. user @@ -79,28 +79,31 @@ PGSQL_TABLE(5) PGSQL_TABLE(5) user = someone password = some_password + The user and password settings are ignored for hosts connections + that are specified as an URI. + dbname The database name on the servers. Example: dbname = customer_database - The dbname setting is ignored for hosts connections that are + The dbname setting is ignored for hosts connections that are specified as an URI. The dbname setting is required with Postfix 3.10 and later, when - hosts specifies any non-URI connection; it is always required + hosts specifies any non-URI connection; it is always required with earlier Postfix versions. encoding - The encoding used by the database client. The default setting + The encoding used by the database client. The default setting is: encoding = UTF8 - Historically, the database client was hard coded to use LATIN1 + Historically, the database client was hard coded to use LATIN1 in an attempt to disable multibyte character support. This feature is available in Postfix 3.8 and later. idle_interval (default: 60) - The number of seconds after which an idle database connection + The number of seconds after which an idle database connection will be closed. This feature is available in Postfix 3.9 and later. @@ -109,10 +112,16 @@ PGSQL_TABLE(5) PGSQL_TABLE(5) The number of seconds that a database connection will be skipped after an error. + NOTE: if the hosts setting specifies one load balancer and no + alternative servers, specify the load balancer multiple times. + Without the duplicate info, the Postfix PostgreSQL client would + not reconnect immediately to the same load balancer after a + request failure. + This feature is available in Postfix 3.9 and later. - query The SQL query template used to search the database, where %s is - a substitute for the address Postfix is trying to resolve, e.g. + query The SQL query template used to search the database, where %s is + a substitute for the address Postfix is trying to resolve, e.g. query = SELECT replacement FROM aliases WHERE mailbox = '%s' This parameter supports the following '%' expansions: @@ -120,48 +129,48 @@ PGSQL_TABLE(5) PGSQL_TABLE(5) %% This is replaced by a literal '%' character. (Postfix 2.2 and later) - %s This is replaced by the input key. SQL quoting is used - to make sure that the input key does not add unexpected + %s This is replaced by the input key. SQL quoting is used + to make sure that the input key does not add unexpected metacharacters. %u When the input key is an address of the form user@domain, - %u is replaced by the SQL quoted local part of the - address. Otherwise, %u is replaced by the entire search - string. If the localpart is empty, the query is sup- + %u is replaced by the SQL quoted local part of the + address. Otherwise, %u is replaced by the entire search + string. If the localpart is empty, the query is sup- pressed and returns no results. %d When the input key is an address of the form user@domain, - %d is replaced by the SQL quoted domain part of the - address. Otherwise, the query is suppressed and returns + %d is replaced by the SQL quoted domain part of the + address. Otherwise, the query is suppressed and returns no results. %[SUD] The upper-case equivalents of the above expansions behave - in the query parameter identically to their lower-case - counter-parts. With the result_format parameter (see - below), they expand the input key rather than the result + in the query parameter identically to their lower-case + counter-parts. With the result_format parameter (see + below), they expand the input key rather than the result value. - The above %S, %U and %D expansions are available with + The above %S, %U and %D expansions are available with Postfix 2.2 and later - %[1-9] The patterns %1, %2, ... %9 are replaced by the corre- - sponding most significant component of the input key's - domain. If the input key is user@mail.example.com, then + %[1-9] The patterns %1, %2, ... %9 are replaced by the corre- + sponding most significant component of the input key's + domain. If the input key is user@mail.example.com, then %1 is com, %2 is example and %3 is mail. If the input key - is unqualified or does not have enough domain components - to satisfy all the specified patterns, the query is sup- + is unqualified or does not have enough domain components + to satisfy all the specified patterns, the query is sup- pressed and returns no results. - The above %1, ... %9 expansions are available with Post- + The above %1, ... %9 expansions are available with Post- fix 2.2 and later - The domain parameter described below limits the input keys to - addresses in matching domains. When the domain parameter is + The domain parameter described below limits the input keys to + addresses in matching domains. When the domain parameter is non-empty, SQL queries for unqualified addresses or addresses in non-matching domains are suppressed and return no results. - The precedence of this parameter has changed with Postfix 2.2, - in prior releases the precedence was, from highest to lowest, + The precedence of this parameter has changed with Postfix 2.2, + in prior releases the precedence was, from highest to lowest, select_function, query, select_field, ... With Postfix 2.2 the query parameter has highest precedence, see @@ -171,42 +180,42 @@ PGSQL_TABLE(5) PGSQL_TABLE(5) result_format (default: %s) Format template applied to result attributes. Most commonly used - to append (or prepend) text to the result. This parameter sup- + to append (or prepend) text to the result. This parameter sup- ports the following '%' expansions: %% This is replaced by a literal '%' character. - %s This is replaced by the value of the result attribute. + %s This is replaced by the value of the result attribute. When result is empty it is skipped. %u When the result attribute value is an address of the form - user@domain, %u is replaced by the local part of the - address. When the result has an empty localpart it is + user@domain, %u is replaced by the local part of the + address. When the result has an empty localpart it is skipped. - %d When a result attribute value is an address of the form - user@domain, %d is replaced by the domain part of the - attribute value. When the result is unqualified it is + %d When a result attribute value is an address of the form + user@domain, %d is replaced by the domain part of the + attribute value. When the result is unqualified it is skipped. %[SUD1-9] - The upper-case and decimal digit expansions interpolate - the parts of the input key rather than the result. Their - behavior is identical to that described with query, and - in fact because the input key is known in advance, - queries whose key does not contain all the information - specified in the result template are suppressed and + The upper-case and decimal digit expansions interpolate + the parts of the input key rather than the result. Their + behavior is identical to that described with query, and + in fact because the input key is known in advance, + queries whose key does not contain all the information + specified in the result template are suppressed and return no results. For example, using "result_format = smtp:[%s]" allows one to use a mailHost attribute as the basis of a transport(5) table. After - applying the result format, multiple values are concatenated as + applying the result format, multiple values are concatenated as comma separated strings. The expansion_limit and parameter - explained below allows one to restrict the number of values in + explained below allows one to restrict the number of values in the result, which is especially useful for maps that must return at most one value. - The default value %s specifies that each result value should be + The default value %s specifies that each result value should be used as is. This parameter is available with Postfix 2.2 and later. @@ -214,15 +223,15 @@ PGSQL_TABLE(5) PGSQL_TABLE(5) NOTE: DO NOT put quotes around the result format! domain (default: no domain list) - This is a list of domain names, paths to files, or "type:table" + This is a list of domain names, paths to files, or "type:table" databases. When specified, only fully qualified search keys with - a *non-empty* localpart and a matching domain are eligible for + a *non-empty* localpart and a matching domain are eligible for lookup: 'user' lookups, bare domain lookups and "@domain" - lookups are not performed. This can significantly reduce the + lookups are not performed. This can significantly reduce the query load on the PostgreSQL server. domain = postfix.org, hash:/etc/postfix/searchdomains - It is best not to use SQL to store the domains eligible for SQL + It is best not to use SQL to store the domains eligible for SQL lookups. This parameter is available with Postfix 2.2 and later. @@ -231,28 +240,28 @@ PGSQL_TABLE(5) PGSQL_TABLE(5) the input keys are always unqualified. expansion_limit (default: 0) - A limit on the total number of result elements returned (as a + A limit on the total number of result elements returned (as a comma separated list) by a lookup against the map. A setting of - zero disables the limit. Lookups fail with a temporary error if - the limit is exceeded. Setting the limit to 1 ensures that + zero disables the limit. Lookups fail with a temporary error if + the limit is exceeded. Setting the limit to 1 ensures that lookups do not return multiple values. OBSOLETE MAIN.CF PARAMETERS - For compatibility with other Postfix lookup tables, PostgreSQL parame- - ters can also be defined in main.cf. In order to do that, specify as + For compatibility with other Postfix lookup tables, PostgreSQL parame- + ters can also be defined in main.cf. In order to do that, specify as PostgreSQL source a name that doesn't begin with a slash or a dot. The - PostgreSQL parameters will then be accessible as the name you've given + PostgreSQL parameters will then be accessible as the name you've given the source in its definition, an underscore, and the name of the param- - eter. For example, if the map is specified as "pgsql:pgsqlname", the + eter. For example, if the map is specified as "pgsql:pgsqlname", the parameter "hosts" would be defined in main.cf as "pgsqlname_hosts". - Note: with this form, the passwords for the PostgreSQL sources are + Note: with this form, the passwords for the PostgreSQL sources are written in main.cf, which is normally world-readable. Support for this form will be removed in a future Postfix version. OBSOLETE QUERY INTERFACES This section describes query interfaces that are deprecated as of Post- - fix 2.2. Please migrate to the new query interface as the old inter- + fix 2.2. Please migrate to the new query interface as the old inter- faces are slated to be phased out. select_function @@ -262,14 +271,14 @@ PGSQL_TABLE(5) PGSQL_TABLE(5) This is equivalent to: query = SELECT my_lookup_user_alias('%s') - This parameter overrides the legacy table-related fields - (described below). With Postfix versions prior to 2.2, it also - overrides the query parameter. Starting with Postfix 2.2, the - query parameter has highest precedence, and the select_function + This parameter overrides the legacy table-related fields + (described below). With Postfix versions prior to 2.2, it also + overrides the query parameter. Starting with Postfix 2.2, the + query parameter has highest precedence, and the select_function parameter is deprecated. - The following parameters (with lower precedence than the select_func- - tion interface described above) can be used to build the SQL select + The following parameters (with lower precedence than the select_func- + tion interface described above) can be used to build the SQL select statement as follows: SELECT [select_field] @@ -277,13 +286,13 @@ PGSQL_TABLE(5) PGSQL_TABLE(5) WHERE [where_field] = '%s' [additional_conditions] - The specifier %s is replaced with each lookup by the lookup key and is - escaped so if it contains single quotes or other odd characters, it + The specifier %s is replaced with each lookup by the lookup key and is + escaped so if it contains single quotes or other odd characters, it will not cause a parse error, or worse, a security problem. Starting with Postfix 2.2, this interface is obsoleted by the more gen- eral query interface described above. If higher precedence the query or - select_function parameters described above are defined, the parameters + select_function parameters described above are defined, the parameters described here are ignored. select_field diff --git a/postfix/man/man5/mysql_table.5 b/postfix/man/man5/mysql_table.5 index 1aba09ed6..3d29c54a8 100644 --- a/postfix/man/man5/mysql_table.5 +++ b/postfix/man/man5/mysql_table.5 @@ -77,11 +77,11 @@ localhost over TCP you have to specify hosts = 127.0.0.1 .fi -NOTE: if "hosts" specifies one load balancer and no alternative -servers, specify the load balancer multiple times in the -"hosts" line. Without the duplicate info, the Postfix MySQL -client would not reconnect immediately to the same load -balancer after a MySQL server failure. +NOTE: if the \fBhosts\fR setting specifies one load balancer +and no alternative servers, specify the load balancer multiple +times. Without the duplicate info, the Postfix MySQL client +would not reconnect immediately to the same load balancer after +a request failure. .IP "\fBuser\fR" .IP "\fBpassword\fR" The user name and password to log into the mysql server. @@ -112,6 +112,12 @@ This feature is available in Postfix 3.9 and later. The number of seconds that a database connection will be skipped after an error. +NOTE: if the \fBhosts\fR setting specifies one load balancer +and no alternative servers, specify the load balancer multiple +times. Without the duplicate info, the Postfix MySQL client +would not reconnect immediately to the same load balancer after +a request failure. + This feature is available in Postfix 3.9 and later. .IP "\fBquery\fR" The SQL query template used to search the database, where \fB%s\fR diff --git a/postfix/man/man5/pgsql_table.5 b/postfix/man/man5/pgsql_table.5 index 1d0064cf6..ac09444c9 100644 --- a/postfix/man/man5/pgsql_table.5 +++ b/postfix/man/man5/pgsql_table.5 @@ -77,16 +77,15 @@ automatically closed after being idle for about 1 minute, and are re\-opened as necessary. See \fBidle_interval\fR for details. -NOTE: if \fBhosts\fR specifies a PostgreSQL connection URI, -the PostgreSQL client library will ignore the \fBdbname\fR -setting for that connection. +NOTE: if the \fBhosts\fR setting specifies a PostgreSQL connection +URI, the Postfix PostgreSQL client will ignore the \fBdbname\fR, +\fBuser\fR, and \fBpassword\fR settings for that connection. -NOTE: if \fBhosts\fR specifies one load balancer and no -alternative -servers, specify the load balancer multiple times in the -\fBhosts\fR line. Without the duplicate info, the Postfix -PostgreSQL client would not reconnect immediately to the -same load balancer after a PostgreSQL server failure. +NOTE: if the \fBhosts\fR setting specifies one load balancer +and no alternative servers, specify the load balancer multiple +times. Without the duplicate info, the Postfix PostgreSQL client +would not reconnect immediately to the same load balancer after +a request failure. .IP "\fBuser\fR" .IP "\fBpassword\fR" The user name and password to log into the pgsql server. @@ -95,6 +94,9 @@ Example: user = someone password = some_password .fi +.sp +The \fBuser\fR and \fBpassword\fR settings are ignored for +\fBhosts\fR connections that are specified as an URI. .IP "\fBdbname\fR" The database name on the servers. Example: .nf @@ -127,6 +129,12 @@ This feature is available in Postfix 3.9 and later. The number of seconds that a database connection will be skipped after an error. +NOTE: if the \fBhosts\fR setting specifies one load balancer +and no alternative servers, specify the load balancer multiple +times. Without the duplicate info, the Postfix PostgreSQL client +would not reconnect immediately to the same load balancer after +a request failure. + This feature is available in Postfix 3.9 and later. .IP "\fBquery\fR" The SQL query template used to search the database, where \fB%s\fR diff --git a/postfix/proto/mysql_table b/postfix/proto/mysql_table index 4274ed4ea..f0066e9bf 100644 --- a/postfix/proto/mysql_table +++ b/postfix/proto/mysql_table @@ -67,11 +67,11 @@ # hosts = 127.0.0.1 # .fi # -# NOTE: if "hosts" specifies one load balancer and no alternative -# servers, specify the load balancer multiple times in the -# "hosts" line. Without the duplicate info, the Postfix MySQL -# client would not reconnect immediately to the same load -# balancer after a MySQL server failure. +# NOTE: if the \fBhosts\fR setting specifies one load balancer +# and no alternative servers, specify the load balancer multiple +# times. Without the duplicate info, the Postfix MySQL client +# would not reconnect immediately to the same load balancer after +# a request failure. # .IP "\fBuser\fR" # .IP "\fBpassword\fR" # The user name and password to log into the mysql server. @@ -102,6 +102,12 @@ # The number of seconds that a database connection will be # skipped after an error. # +# NOTE: if the \fBhosts\fR setting specifies one load balancer +# and no alternative servers, specify the load balancer multiple +# times. Without the duplicate info, the Postfix MySQL client +# would not reconnect immediately to the same load balancer after +# a request failure. +# # This feature is available in Postfix 3.9 and later. # .IP "\fBquery\fR" # The SQL query template used to search the database, where \fB%s\fR diff --git a/postfix/proto/pgsql_table b/postfix/proto/pgsql_table index e434779a3..0413e3c74 100644 --- a/postfix/proto/pgsql_table +++ b/postfix/proto/pgsql_table @@ -67,16 +67,15 @@ # and are re-opened as necessary. See \fBidle_interval\fR # for details. # -# NOTE: if \fBhosts\fR specifies a PostgreSQL connection URI, -# the PostgreSQL client library will ignore the \fBdbname\fR -# setting for that connection. +# NOTE: if the \fBhosts\fR setting specifies a PostgreSQL connection +# URI, the Postfix PostgreSQL client will ignore the \fBdbname\fR, +# \fBuser\fR, and \fBpassword\fR settings for that connection. # -# NOTE: if \fBhosts\fR specifies one load balancer and no -# alternative -# servers, specify the load balancer multiple times in the -# \fBhosts\fR line. Without the duplicate info, the Postfix -# PostgreSQL client would not reconnect immediately to the -# same load balancer after a PostgreSQL server failure. +# NOTE: if the \fBhosts\fR setting specifies one load balancer +# and no alternative servers, specify the load balancer multiple +# times. Without the duplicate info, the Postfix PostgreSQL client +# would not reconnect immediately to the same load balancer after +# a request failure. # .IP "\fBuser\fR" # .IP "\fBpassword\fR" # The user name and password to log into the pgsql server. @@ -85,6 +84,9 @@ # user = someone # password = some_password # .fi +# .sp +# The \fBuser\fR and \fBpassword\fR settings are ignored for +# \fBhosts\fR connections that are specified as an URI. # .IP "\fBdbname\fR" # The database name on the servers. Example: # .nf @@ -117,6 +119,12 @@ # The number of seconds that a database connection will be # skipped after an error. # +# NOTE: if the \fBhosts\fR setting specifies one load balancer +# and no alternative servers, specify the load balancer multiple +# times. Without the duplicate info, the Postfix PostgreSQL client +# would not reconnect immediately to the same load balancer after +# a request failure. +# # This feature is available in Postfix 3.9 and later. # .IP "\fBquery\fR" # The SQL query template used to search the database, where \fB%s\fR diff --git a/postfix/proto/stop b/postfix/proto/stop index 17efcfae1..ea642a3f0 100644 --- a/postfix/proto/stop +++ b/postfix/proto/stop @@ -1653,3 +1653,4 @@ ipaddr STS hs ccformat +xxsql diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index eb01b3a57..be2eede2a 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20241025" +#define MAIL_RELEASE_DATE "20241027" #define MAIL_VERSION_NUMBER "3.10" #ifdef SNAPSHOT diff --git a/postfix/src/xsasl/xsasl_dovecot_server.c b/postfix/src/xsasl/xsasl_dovecot_server.c index 4a0c085cc..ac93a2da9 100644 --- a/postfix/src/xsasl/xsasl_dovecot_server.c +++ b/postfix/src/xsasl/xsasl_dovecot_server.c @@ -297,6 +297,7 @@ static int xsasl_dovecot_server_connect(XSASL_DOVECOT_SERVER_IMPL *xp) (unsigned int) getpid()); if (vstream_fflush(sasl_stream) == VSTREAM_EOF) { msg_warn("SASL: Couldn't send handshake: %m"); + (void) vstream_fclose(sasl_stream); return (-1); } success = 0;