postfix-3.10-20241027

postfix/HISTORY

@@ -28447,3 +28447,23 @@ Apologies for any names omitted.
 	is allowed). The dbname setting is now optional if the hosts
 	setting specifies only URIs. Files: util/valid_uri_scheme.[hc],
 	proto/pgsql_table.
+
+202141026
+
+	Documentation: updated the pgsql_table manpage that the
+	"user" and "password" settings  are also ignored when a
+	"hosts" setting specifies an URI.  File: proto/pgsql_table.
+
+	Documentation: updated text for how to handle retries with a
+	load balancer. Files: proto/pgsql_table, proto/mysql_table.
+
+20241027
+
+	Bugfix (defect introduced: Postfix 2.3, date 20051222):
+	file descriptor leak after failure to connect to a Dovecot
+	auth server. The impact is limited because there are limits
+	on the number of retries (one), on the number of errors per
+	SMTP session (smtpd_hard_error_limit), on the number
+	of sessions per SMTP server process (max_use), and on the
+	number file handles per process (managed with sysctl).
+	File: xsasl/xsasl_dovecot_server.c.

postfix/html/mysql_table.5.html

@@ -61,11 +61,11 @@ MYSQL_TABLE(5)                                                  MYSQL_TABLE(5)
               TCP you have to specify
                   hosts = 127.0.0.1
 
-              NOTE:  if "hosts" specifies one load balancer and no alternative
+              NOTE:  if  the  <b>hosts</b> setting specifies one load balancer and no
-              servers, specify the load balancer multiple times in the "hosts"
+              alternative servers, specify the load balancer  multiple  times.
-              line. Without the duplicate info, the Postfix MySQL client would
+              Without  the  duplicate info, the Postfix MySQL client would not
-              not reconnect immediately to the  same  load  balancer  after  a
+              reconnect immediately to the same load balancer after a  request
-              MySQL server failure.
+              failure.
 
        <b>user</b>
 
@@ -96,6 +96,12 @@ MYSQL_TABLE(5)                                                  MYSQL_TABLE(5)
               The number of seconds that a database connection will be skipped
               after an error.
 
+              NOTE:  if  the  <b>hosts</b> setting specifies one load balancer and no
+              alternative servers, specify the load balancer  multiple  times.
+              Without  the  duplicate info, the Postfix MySQL client would not
+              reconnect immediately to the same load balancer after a  request
+              failure.
+
               This feature is available in Postfix 3.9 and later.
 
        <b>query</b>  The  SQL query template used to search the database, where <b>%s</b> is

postfix/html/pgsql_table.5.html

@@ -61,15 +61,15 @@ PGSQL_TABLE(5)                                                  PGSQL_TABLE(5)
               matically  closed  after  being idle for about 1 minute, and are
               re-opened as necessary. See <b>idle_interval</b> for details.
 
-              NOTE: if <b>hosts</b> specifies a PostgreSQL connection URI, the  Post-
+              NOTE: if the <b>hosts</b> setting  specifies  a  PostgreSQL  connection
-              greSQL  client  library  will ignore the <b>dbname</b> setting for that
+              URI, the Postfix PostgreSQL client will ignore the <b>dbname</b>, <b>user</b>,
-              connection.
+              and <b>password</b> settings for that connection.
 
-              NOTE: if <b>hosts</b> specifies one load balancer  and  no  alternative
+              NOTE: if the <b>hosts</b> setting specifies one load  balancer  and  no
-              servers,  specify  the load balancer multiple times in the <b>hosts</b>
+              alternative  servers,  specify the load balancer multiple times.
-              line. Without the duplicate info, the Postfix PostgreSQL  client
+              Without the duplicate info, the Postfix PostgreSQL client  would
-              would  not reconnect immediately to the same load balancer after
+              not  reconnect  immediately  to  the  same load balancer after a
-              a PostgreSQL server failure.
+              request failure.
 
        <b>user</b>
 
@@ -79,6 +79,9 @@ PGSQL_TABLE(5)                                                  PGSQL_TABLE(5)
                   user = someone
                   password = some_password
 
+              The <b>user</b> and <b>password</b> settings are ignored for <b>hosts</b> connections
+              that are specified as an URI.
+
        <b>dbname</b> The database name on the servers. Example:
                   dbname = customer_database
 
@@ -109,6 +112,12 @@ PGSQL_TABLE(5)                                                  PGSQL_TABLE(5)
               The number of seconds that a database connection will be skipped
               after an error.
 
+              NOTE:  if  the  <b>hosts</b> setting specifies one load balancer and no
+              alternative servers, specify the load balancer  multiple  times.
+              Without  the duplicate info, the Postfix PostgreSQL client would
+              not reconnect immediately to the  same  load  balancer  after  a
+              request failure.
+
               This feature is available in Postfix 3.9 and later.
 
        <b>query</b>  The  SQL query template used to search the database, where <b>%s</b> is

postfix/man/man5/mysql_table.5

@@ -77,11 +77,11 @@ localhost over TCP you have to specify
     hosts = 127.0.0.1
 .fi
 
-NOTE: if "hosts" specifies one load balancer and no alternative
+NOTE: if the \fBhosts\fR setting specifies one load balancer
-servers, specify the load balancer multiple times in the
+and no alternative servers, specify the load balancer multiple
-"hosts" line. Without the duplicate info, the Postfix MySQL
+times. Without the duplicate info, the Postfix MySQL client
-client would not reconnect immediately to the same load
+would not reconnect immediately to the same load balancer after
-balancer after a MySQL server failure.
+a request failure.
 .IP "\fBuser\fR"
 .IP "\fBpassword\fR"
 The user name and password to log into the mysql server.
@@ -112,6 +112,12 @@ This feature is available in Postfix 3.9 and later.
 The number of seconds that a database connection will be
 skipped after an error.
 
+NOTE: if the \fBhosts\fR setting specifies one load balancer
+and no alternative servers, specify the load balancer multiple
+times. Without the duplicate info, the Postfix MySQL client
+would not reconnect immediately to the same load balancer after
+a request failure.
+
 This feature is available in Postfix 3.9 and later.
 .IP "\fBquery\fR"
 The SQL query template used to search the database, where \fB%s\fR

postfix/man/man5/pgsql_table.5

@@ -77,16 +77,15 @@ automatically closed after being idle for about 1 minute,
 and are re\-opened as necessary. See \fBidle_interval\fR
 for details.
 
-NOTE: if \fBhosts\fR specifies a PostgreSQL connection URI,
+NOTE: if the \fBhosts\fR setting specifies a PostgreSQL connection
-the PostgreSQL client library will ignore the \fBdbname\fR
+URI, the Postfix PostgreSQL client will ignore the \fBdbname\fR,
-setting for that connection.
+\fBuser\fR, and \fBpassword\fR settings for that connection.
 
-NOTE: if \fBhosts\fR specifies one load balancer and no
+NOTE: if the \fBhosts\fR setting specifies one load balancer
-alternative
+and no alternative servers, specify the load balancer multiple
-servers, specify the load balancer multiple times in the
+times. Without the duplicate info, the Postfix PostgreSQL client
-\fBhosts\fR line. Without the duplicate info, the Postfix
+would not reconnect immediately to the same load balancer after
-PostgreSQL client would not reconnect immediately to the
+a request failure.
-same load balancer after a PostgreSQL server failure.
 .IP "\fBuser\fR"
 .IP "\fBpassword\fR"
 The user name and password to log into the pgsql server.
@@ -95,6 +94,9 @@ Example:
     user = someone
     password = some_password
 .fi
+.sp
+The \fBuser\fR and \fBpassword\fR settings are ignored for
+\fBhosts\fR connections that are specified as an URI.
 .IP "\fBdbname\fR"
 The database name on the servers. Example:
 .nf
@@ -127,6 +129,12 @@ This feature is available in Postfix 3.9 and later.
 The number of seconds that a database connection will be
 skipped after an error.
 
+NOTE: if the \fBhosts\fR setting specifies one load balancer
+and no alternative servers, specify the load balancer multiple
+times. Without the duplicate info, the Postfix PostgreSQL client
+would not reconnect immediately to the same load balancer after
+a request failure.
+
 This feature is available in Postfix 3.9 and later.
 .IP "\fBquery\fR"
 The SQL query template used to search the database, where \fB%s\fR

postfix/proto/mysql_table

@@ -67,11 +67,11 @@
 #	    hosts = 127.0.0.1
 # .fi
 #
-#	NOTE: if "hosts" specifies one load balancer and no alternative
+#	NOTE: if the \fBhosts\fR setting specifies one load balancer
-#	servers, specify the load balancer multiple times in the
+#	and no alternative servers, specify the load balancer multiple
-#	"hosts" line. Without the duplicate info, the Postfix MySQL
+#	times. Without the duplicate info, the Postfix MySQL client
-#	client would not reconnect immediately to the same load
+#	would not reconnect immediately to the same load balancer after
-#	balancer after a MySQL server failure.
+#	a request failure.
 # .IP "\fBuser\fR"
 # .IP "\fBpassword\fR"
 #	The user name and password to log into the mysql server.
@@ -102,6 +102,12 @@
 #	The number of seconds that a database connection will be
 #	skipped after an error.
 #
+#	NOTE: if the \fBhosts\fR setting specifies one load balancer
+#	and no alternative servers, specify the load balancer multiple
+#	times. Without the duplicate info, the Postfix MySQL client
+#	would not reconnect immediately to the same load balancer after
+#	a request failure.
+#
 #	This feature is available in Postfix 3.9 and later.
 # .IP "\fBquery\fR"
 #	The SQL query template used to search the database, where \fB%s\fR

postfix/proto/pgsql_table

@@ -67,16 +67,15 @@
 #	and are re-opened as necessary. See \fBidle_interval\fR
 #	for details.
 #
-#	NOTE: if \fBhosts\fR specifies a PostgreSQL connection URI,
+#	NOTE: if the \fBhosts\fR setting specifies a PostgreSQL connection
-#	the PostgreSQL client library will ignore the \fBdbname\fR
+#	URI, the Postfix PostgreSQL client will ignore the \fBdbname\fR,
-#	setting for that connection.
+#	\fBuser\fR, and \fBpassword\fR settings for that connection.
 #
-#	NOTE: if \fBhosts\fR specifies one load balancer and no
+#	NOTE: if the \fBhosts\fR setting specifies one load balancer
-#	alternative
+#	and no alternative servers, specify the load balancer multiple
-#	servers, specify the load balancer multiple times in the
+#	times. Without the duplicate info, the Postfix PostgreSQL client
-#	\fBhosts\fR line. Without the duplicate info, the Postfix
+#	would not reconnect immediately to the same load balancer after
-#	PostgreSQL client would not reconnect immediately to the
+#	a request failure.
-#	same load balancer after a PostgreSQL server failure.
 # .IP "\fBuser\fR"
 # .IP "\fBpassword\fR"
 #	The user name and password to log into the pgsql server.
@@ -85,6 +84,9 @@
 #	    user = someone
 #	    password = some_password
 # .fi
+# .sp
+#	The \fBuser\fR and \fBpassword\fR settings are ignored for
+#	\fBhosts\fR connections that are specified as an URI.
 # .IP "\fBdbname\fR"
 #	The database name on the servers. Example:
 # .nf
@@ -117,6 +119,12 @@
 #	The number of seconds that a database connection will be
 #	skipped after an error.
 #
+#	NOTE: if the \fBhosts\fR setting specifies one load balancer
+#	and no alternative servers, specify the load balancer multiple
+#	times. Without the duplicate info, the Postfix PostgreSQL client
+#	would not reconnect immediately to the same load balancer after
+#	a request failure.
+#
 #	This feature is available in Postfix 3.9 and later.
 # .IP "\fBquery\fR"
 #	The SQL query template used to search the database, where \fB%s\fR

postfix/proto/stop

@@ -1653,3 +1653,4 @@ ipaddr
 STS
 hs
 ccformat
+xxsql

postfix/src/global/mail_version.h

@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20241025"
+#define MAIL_RELEASE_DATE	"20241027"
 #define MAIL_VERSION_NUMBER	"3.10"
 
 #ifdef SNAPSHOT

postfix/src/xsasl/xsasl_dovecot_server.c

@@ -297,6 +297,7 @@ static int xsasl_dovecot_server_connect(XSASL_DOVECOT_SERVER_IMPL *xp)
 		    (unsigned int) getpid());
     if (vstream_fflush(sasl_stream) == VSTREAM_EOF) {
 	msg_warn("SASL: Couldn't send handshake: %m");
+	(void) vstream_fclose(sasl_stream);
 	return (-1);
     }
     success = 0;