postfix-2.5.1-RC1

postfix/HISTORY

@@ -14277,3 +14277,26 @@ Apologies for any names omitted.
 	to mumble_destination_rate_delay, because it really is a
 	per-destination feature. With this change we keep the option
 	of implementing a future per-transport rate delay.
+
+20080125
+
+	Bugfix (introduced 20071216): missing {} in the LDAP client
+	broke OpenLDAP TLS.  The setting tls_require_cert=no was
+	further broken because Postfix used OpenLDAP incorrectly.
+	Victor Duchovni.  This broke tls_require_cert=no File:
+	global/dict_ldap.c.
+
+20080130
+
+	Bugfix (introduced 20071204): wrong proxywrite process limit
+	in the default master.cf file.  File: conf/master.cf.
+
+20080201
+
+	Workaround: pick up a missing data_directory setting from
+	main.cf when "postfix start" is invoked with an obsolete
+	postfix command. File: conf/post-install.
+
+	Workaround (introduced 20071204): update the wrong proxywrite
+	process limit when upgrading an already installed default
+	master.cf file.  File: conf/post-install.

postfix/README_FILES/QSHAPE_README

@@ -400,7 +400,7 @@ delivery attempts.
             slow      unix     -       -       n       -       1    smtp
                 -o fallback_relay=problem.example.com
                 -o smtp_connect_timeout=1
-                -o smtp_cache_connection=no
+                -o smtp_connection_cache_on_demand=no
 
     This solution forces the Postfix smtp(8) client to wait for
     $smtp_connect_timeout seconds between deliveries. The connection caching

postfix/conf/master.cf

@@ -32,7 +32,7 @@ trace     unix  -       -       n       -       0       bounce
 verify    unix  -       -       n       -       1       verify
 flush     unix  n       -       n       1000?   0       flush
 proxymap  unix  -       -       n       -       -       proxymap
-proxywrite unix -       -       n       -       -       proxymap
+proxywrite unix -       -       n       -       1       proxymap
 smtp      unix  -       -       n       -       -       smtp
 # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
 relay     unix  -       -       n       -       -       smtp

postfix/conf/post-install

@@ -141,6 +141,8 @@
 #	directory should be in the command search path of adminstrative users.
 # .IP queue_directory
 #	The directory for Postfix queues.
+# .IP data_directory
+#	The directory for Postfix writable data files (caches, etc.).
 # .IP sendmail_path
 #	The full pathname for the Postfix sendmail command.
 #	This is the Sendmail-compatible mail posting interface.
@@ -164,6 +166,7 @@
 #	The directory for the Postfix on-line manual pages.
 # .IP sample_directory
 #	The directory for the Postfix sample configuration files.
+#	This feature is obsolete as of Postfix 2.1.
 # .IP readme_directory
 #	The directory for the Postfix README files.
 # SEE ALSO
@@ -190,6 +193,10 @@ SHELL=/bin/sh
 IFS=" 	
 "
 BACKUP_IFS="$IFS"
+MOST_PARAMETERS="command_directory daemon_directory data_directory
+    html_directory mail_owner mailq_path manpage_directory
+    newaliases_path queue_directory readme_directory sample_directory
+    sendmail_path setgid_group"
 
 USAGE="Usage: $0 [name=value] command
     create-missing          Create missing queue directories.
@@ -302,9 +309,7 @@ grep setgid_group $config_directory/main.cf >/dev/null 2>&1 || {
 # Extract parameter settings from the installed main.cf file.
 
 test -f $config_directory/main.cf && {
-    for name in daemon_directory command_directory queue_directory mail_owner \
+    for name in $MOST_PARAMETERS
-        setgid_group sendmail_path newaliases_path mailq_path \
-	html_directory manpage_directory sample_directory readme_directory
     do
 	eval junk=\$$name
         case "$junk" in
@@ -348,9 +353,7 @@ done
 # via environment, or via installed configuration files.
 
 missing=
-for name in daemon_directory command_directory queue_directory mail_owner \
+for name in $MOST_PARAMETERS
-    setgid_group sendmail_path newaliases_path mailq_path manpage_directory \
-    readme_directory html_directory
 do
     eval test -n \"\$$name\" || missing="$missing $name"
 done
@@ -383,9 +386,7 @@ POSTCONF="$command_directory/postconf"
 # Save settings, allowing command line/environment override.
 
 override=
-for name in daemon_directory command_directory queue_directory mail_owner \
+for name in $MOST_PARAMETERS
-    setgid_group sendmail_path newaliases_path mailq_path manpage_directory \
-    sample_directory readme_directory html_directory
 do
     eval test \"\$$name\" = \"`$POSTCONF -c $config_directory -h $name`\" || {
 	override=1
@@ -398,6 +399,7 @@ test -n "$override" && {
 	"daemon_directory = $daemon_directory" \
 	"command_directory = $command_directory" \
 	"queue_directory = $queue_directory" \
+	"data_directory = $data_directory" \
 	"mail_owner = $mail_owner" \
 	"setgid_group = $setgid_group" \
 	"sendmail_path = $sendmail_path" \
@@ -668,6 +670,19 @@ proxywrite unix -       -       n       -       1       proxymap
 EOF
     }
 
+    # Fix a typo in the default master.cf proxywrite entry.
+
+    grep '^proxywrite.*-[ 	]*proxymap' $config_directory/master.cf >/dev/null && {
+	echo Editing $config_directory/master.cf, setting proxywrite process limit to 1
+	    ed $config_directory/master.cf <<EOF || exit 1
+/^proxywrite.*-[       ]*proxymap/
+s/-\([ 	]*proxymap\)/1\1/
+p
+w
+q
+EOF
+    }
+
     # Report (but do not remove) obsolete files.
 
     test -n "$obsolete" && {

postfix/html/QSHAPE_README.html

@@ -547,7 +547,7 @@ problem destination as the <a href="postconf.5.html#fallback_relay">fallback_rel
     slow      unix     -       -       n       -       1    smtp
         -o <a href="postconf.5.html#fallback_relay">fallback_relay</a>=problem.example.com
         -o <a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a>=1
-        -o smtp_cache_connection=no
+        -o <a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a>=no
 </pre>
 
 </ul>

postfix/proto/QSHAPE_README.html

@@ -547,7 +547,7 @@ smtp_connect_timeout value. </p>
     slow      unix     -       -       n       -       1    smtp
         -o fallback_relay=problem.example.com
         -o smtp_connect_timeout=1
-        -o smtp_cache_connection=no
+        -o smtp_connection_cache_on_demand=no
 </pre>
 
 </ul>

postfix/src/global/dict_ldap.c

@@ -488,58 +488,63 @@ static int dict_ldap_set_tls_options(DICT_LDAP *dict_ldap)
     if (dict_ldap->start_tls || dict_ldap->ldap_ssl) {
 	if (*dict_ldap->tls_random_file) {
 	    if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_RANDOM_FILE,
-			       dict_ldap->tls_random_file)) != LDAP_SUCCESS)
+			       dict_ldap->tls_random_file)) != LDAP_SUCCESS) {
 		msg_warn("%s: Unable to set tls_random_file to %s: %d: %s",
 			 myname, dict_ldap->tls_random_file,
 			 rc, ldap_err2string(rc));
-	    return (-1);
+		return (-1);
+	    }
 	}
 	if (*dict_ldap->tls_ca_cert_file) {
 	    if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE,
-			      dict_ldap->tls_ca_cert_file)) != LDAP_SUCCESS)
+			      dict_ldap->tls_ca_cert_file)) != LDAP_SUCCESS) {
 		msg_warn("%s: Unable to set tls_ca_cert_file to %s: %d: %s",
 			 myname, dict_ldap->tls_ca_cert_file,
 			 rc, ldap_err2string(rc));
-	    return (-1);
+		return (-1);
+	    }
 	}
 	if (*dict_ldap->tls_ca_cert_dir) {
 	    if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTDIR,
-			       dict_ldap->tls_ca_cert_dir)) != LDAP_SUCCESS)
+			       dict_ldap->tls_ca_cert_dir)) != LDAP_SUCCESS) {
 		msg_warn("%s: Unable to set tls_ca_cert_dir to %s: %d: %s",
 			 myname, dict_ldap->tls_ca_cert_dir,
 			 rc, ldap_err2string(rc));
-	    return (-1);
+		return (-1);
+	    }
 	}
 	if (*dict_ldap->tls_cert) {
 	    if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE,
-				      dict_ldap->tls_cert)) != LDAP_SUCCESS)
+				      dict_ldap->tls_cert)) != LDAP_SUCCESS) {
 		msg_warn("%s: Unable to set tls_cert to %s: %d: %s",
 			 myname, dict_ldap->tls_cert,
 			 rc, ldap_err2string(rc));
-	    return (-1);
+		return (-1);
+	    }
 	}
 	if (*dict_ldap->tls_key) {
 	    if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE,
-				      dict_ldap->tls_key)) != LDAP_SUCCESS)
+				      dict_ldap->tls_key)) != LDAP_SUCCESS) {
 		msg_warn("%s: Unable to set tls_key to %s: %d: %s",
 			 myname, dict_ldap->tls_key,
 			 rc, ldap_err2string(rc));
-	    return (-1);
+		return (-1);
+	    }
 	}
 	if (*dict_ldap->tls_cipher_suite) {
 	    if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CIPHER_SUITE,
-			      dict_ldap->tls_cipher_suite)) != LDAP_SUCCESS)
+			      dict_ldap->tls_cipher_suite)) != LDAP_SUCCESS) {
 		msg_warn("%s: Unable to set tls_cipher_suite to %s: %d: %s",
 			 myname, dict_ldap->tls_cipher_suite,
 			 rc, ldap_err2string(rc));
-	    return (-1);
+		return (-1);
+	    }
 	}
-	if (dict_ldap->tls_require_cert) {
+	if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT,
-	    if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT,
+		       &(dict_ldap->tls_require_cert))) != LDAP_SUCCESS) {
-			   &(dict_ldap->tls_require_cert))) != LDAP_SUCCESS)
+	    msg_warn("%s: Unable to set tls_require_cert to %d: %d: %s",
-		msg_warn("%s: Unable to set tls_require_cert to %d: %d: %s",
+		     myname, dict_ldap->tls_require_cert,
-			 myname, dict_ldap->tls_require_cert,
+		     rc, ldap_err2string(rc));
-			 rc, ldap_err2string(rc));
 	    return (-1);
 	}
     }

postfix/src/global/mail_version.h

@@ -21,7 +21,7 @@
   * patchlevel; they change the release date only.
   */
 #define MAIL_RELEASE_DATE	"20080123"
-#define MAIL_VERSION_NUMBER	"2.5.0"
+#define MAIL_VERSION_NUMBER	"2.5.1-RC1"
 
 #ifdef SNAPSHOT
 # define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE