From f8a6a51f2253d84a5ddef446310f82c88429a5e0 Mon Sep 17 00:00:00 2001
From: Wietse Z Venema <wietse@porcupine.org>
Date: Tue, 4 Mar 2025 00:00:00 -0500
Subject: [PATCH] postfix-3.11-20250304

---
 postfix/HISTORY                          | 13 ++++++++++++
 postfix/proto/stop.spell-history         |  2 ++
 postfix/src/global/mail_version.h        |  2 +-
 postfix/src/smtpd/smtpd_peer.c           | 25 +++++++++++++++++-------
 postfix/src/xsasl/xsasl_dovecot_server.c |  3 +++
 5 files changed, 37 insertions(+), 8 deletions(-)

diff --git a/postfix/HISTORY b/postfix/HISTORY
index 2cae52077..955c282ad 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -29002,3 +29002,16 @@ Apologies for any names omitted.
 	default smtp_tls_dane_insecure_mx_policy setting resulted in
 	unnecessary 'dnssec_probe' warnings, on systems that disable
 	DNSSEC lookups (the default). File: smtp/smtp_addr.c.
+
+20250227
+
+	Improve and correct warning messages when converting (host
+	or service) information to (symbolic text, numerical text,
+	or binary) form. File: util/myaddrinfo.c.
+
+20250304
+
+	Bugfix (defect introduced: Postfix 2.3, date 20051222): the
+	Dovecot auth client did not attempt to create a new connection
+	after an I/O error on an existing connection. Reported by
+	Oleksandr Kozmenko. File: xsasl/xsasl_dovecot_server.c.
diff --git a/postfix/proto/stop.spell-history b/postfix/proto/stop.spell-history
index 21e6c9967..1b85ee768 100644
--- a/postfix/proto/stop.spell-history
+++ b/postfix/proto/stop.spell-history
@@ -102,3 +102,5 @@ Schulze
 tlspol
 Gueven
 Oemer
+Kozmenko
+Oleksandr
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index f1ebb226f..5996ab330 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20250223"
+#define MAIL_RELEASE_DATE	"20250304"
 #define MAIL_VERSION_NUMBER	"3.11"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/smtpd/smtpd_peer.c b/postfix/src/smtpd/smtpd_peer.c
index 838af9cb9..468732d30 100644
--- a/postfix/src/smtpd/smtpd_peer.c
+++ b/postfix/src/smtpd/smtpd_peer.c
@@ -217,8 +217,13 @@ static int smtpd_peer_sockaddr_to_hostaddr(SMTPD_STATE *state)
 	 */
 	if ((aierr = sockaddr_to_hostaddr(sa, sa_length, &client_addr,
 					  &client_port, 0)) != 0)
-	    msg_fatal("%s: cannot convert client address/port to string: %s",
-		      myname, MAI_STRERROR(aierr));
+	    msg_fatal("%s: cannot convert client sockaddr type %s length %ld "
+		      "to string: %s", myname,
+#ifdef AF_INET6
+		      sa->sa_family == AF_INET6 ? "AF_INET6" :
+#endif
+		      sa->sa_family == AF_INET ? "AF_INET" : "other",
+		      (long) sa_length, MAI_STRERROR(aierr));
 	state->port = mystrdup(client_port.buf);
 
 	/*
@@ -299,9 +304,15 @@ static int smtpd_peer_sockaddr_to_hostaddr(SMTPD_STATE *state)
 					  state->dest_sockaddr_len,
 					  &server_addr,
 					  &server_port, 0)) != 0)
-	    msg_fatal("%s: cannot convert server address/port to string: %s",
-		      myname, MAI_STRERROR(aierr));
-	/* TODO: convert IPv4-in-IPv6 to IPv4 form. */
+	    /* TODO: convert IPv4-in-IPv6 to IPv4 form. */
+	    msg_fatal("%s: cannot convert server sockaddr type %s length %ld "
+		    "to string: %s", myname,
+#ifdef AF_INET6
+		   state->dest_sockaddr.ss_family == AF_INET6 ? "AF_INET6" :
+#endif
+		      state->dest_sockaddr.ss_family == AF_INET ? "AF_INET" :
+		      "other", (long) state->dest_sockaddr_len,
+		      MAI_STRERROR(aierr));
 	state->dest_addr = mystrdup(server_addr.buf);
 	state->dest_port = mystrdup(server_port.buf);
 
@@ -409,8 +420,8 @@ static void smtpd_peer_hostaddr_to_sockaddr(SMTPD_STATE *state)
 
     if ((aierr = hostaddr_to_sockaddr(state->addr, state->port,
 				      SOCK_STREAM, &res)) != 0)
-	msg_fatal("%s: cannot convert client address/port to string: %s",
-		  myname, MAI_STRERROR(aierr));
+	msg_fatal("%s: cannot convert client address '%s' port '%s' to binary: %s",
+		  myname, state->addr, state->port, MAI_STRERROR(aierr));
     if (res->ai_addrlen > sizeof(state->sockaddr))
 	msg_panic("%s: address length > struct sockaddr_storage", myname);
     memcpy((void *) &(state->sockaddr), res->ai_addr, res->ai_addrlen);
diff --git a/postfix/src/xsasl/xsasl_dovecot_server.c b/postfix/src/xsasl/xsasl_dovecot_server.c
index 71fe09a52..e9c16466c 100644
--- a/postfix/src/xsasl/xsasl_dovecot_server.c
+++ b/postfix/src/xsasl/xsasl_dovecot_server.c
@@ -617,6 +617,7 @@ static int xsasl_dovecot_handle_reply(XSASL_DOVECOT_SERVER *server,
     }
 
     vstring_strcpy(reply, "Connection lost to authentication server");
+    xsasl_dovecot_server_disconnect(server->impl);
     return XSASL_AUTH_TEMP;
 }
 
@@ -707,6 +708,7 @@ int     xsasl_dovecot_server_first(XSASL_SERVER *xp, const char *sasl_method,
 
 	if (i == 1) {
 	    vstring_strcpy(reply, "Can't connect to authentication server");
+	    xsasl_dovecot_server_disconnect(server->impl);
 	    return XSASL_AUTH_TEMP;
 	}
 
@@ -735,6 +737,7 @@ static int xsasl_dovecot_server_next(XSASL_SERVER *xp, const char *request,
 		    "CONT\t%u\t%s\n", server->last_request_id, request);
     if (vstream_fflush(server->impl->sasl_stream) == VSTREAM_EOF) {
 	vstring_strcpy(reply, "Connection lost to authentication server");
+	xsasl_dovecot_server_disconnect(server->impl);
 	return XSASL_AUTH_TEMP;
     }
     return xsasl_dovecot_handle_reply(server, reply);