Source-Changes-HG archive


[src/VENEMA]: src/external/ibm-public/postfix/dist Postfix versions 3.5.2, 3....



details:   https://anonhg.NetBSD.org/src/rev/9129b594eed9
branches:  VENEMA
changeset: 933512:9129b594eed9
user:      christos <christos%NetBSD.org@localhost>
date:      Mon May 25 23:40:25 2020 +0000

description:
Postfix versions 3.5.2, 3.4.12, 3.3.10, 3.2.15:

A TLS error for a database client caused a false 'lost connection'
error for an SMTP over TLS session in the same Postfix process.
Reported by Alexander Vasarab, diagnosed by Viktor Dukhovni. This
bug was introduced with Postfix 2.2.

The same bug existed in the tlsproxy(8) daemon, where a TLS error
for one TLS session could cause a false 'lost connection' error
for a concurrent TLS session in the same process. This bug was
introduced with Postfix 2.8.

The Postfix build now disables DANE support on Linux systems with
libc-musl such as Alpine, because libc-musl provides no indication
whether DNS responses are authentic. This broke DANE support without
a clear explanation.

Due to implementation changes in the ICU library, some Postfix
daemons reported file access errors (U_FILE_ACCESS_ERROR) after
chroot(). This was fixed by initializing the ICU library before
making the chroot() call.

Minor code changes to silence a compiler that special-cases string literals.

Postfix 3.5.2, 3.4.12:

Segfault (null pointer) in the tlsproxy(8) client role when the
server role was disabled. This typically happened on systems that
do not receive mail, after configuring connection reuse for outbound
SMTP over TLS.

The date portion of the maillog_file_rotate_suffix default value
used the minute (%M) instead of the month (%m). Reported by Larry
Stone.

Postfix versions 3.5.1, 3.4.11, 3.3.9, 3.2.14:

Bitrot workaround for broken builds after an incompatible change in GCC 10.

Bitrot workaround for broken DANE/DNSSEC support after an incompatible
change in GLIBC 2.31.  This change avoids the need for new options
in /etc/resolv.conf.

Postfix 3.3.9, 3.2.14:

Bitrot workarounds for Linux 5 and GLIBC resolver flags.

diffstat:

 external/ibm-public/postfix/dist/HISTORY                     |  68 +++++++++++-
 external/ibm-public/postfix/dist/Makefile.in                 |   2 +-
 external/ibm-public/postfix/dist/README_FILES/MAILLOG_README |   2 +-
 external/ibm-public/postfix/dist/README_FILES/RELEASE_NOTES  |   8 +
 external/ibm-public/postfix/dist/RELEASE_NOTES               |   8 +
 external/ibm-public/postfix/dist/html/MAILLOG_README.html    |   2 +-
 external/ibm-public/postfix/dist/html/postconf.5.html        |   2 +-
 external/ibm-public/postfix/dist/html/postfix.1.html         |   2 +-
 external/ibm-public/postfix/dist/makedefs                    |  15 ++-
 external/ibm-public/postfix/dist/man/man1/postfix.1          |   4 +-
 external/ibm-public/postfix/dist/man/man5/postconf.5         |   4 +-
 external/ibm-public/postfix/dist/proto/MAILLOG_README.html   |   2 +-
 external/ibm-public/postfix/dist/proto/postconf.proto        |   2 +-
 external/ibm-public/postfix/dist/src/dns/dns.h               |   6 +-
 external/ibm-public/postfix/dist/src/dns/dns_lookup.c        |   9 +-
 external/ibm-public/postfix/dist/src/global/mail_params.c    |   4 +-
 external/ibm-public/postfix/dist/src/global/mail_params.h    |   4 +-
 external/ibm-public/postfix/dist/src/global/mail_version.h   |   6 +-
 external/ibm-public/postfix/dist/src/milter/milter.c         |  12 +-
 external/ibm-public/postfix/dist/src/postfix/postfix.c       |   4 +-
 external/ibm-public/postfix/dist/src/smtpd/smtpd_check.c     |  18 +-
 external/ibm-public/postfix/dist/src/tls/tls_bio_ops.c       |   9 +-
 external/ibm-public/postfix/dist/src/tls/tls_session.c       |   4 +-
 external/ibm-public/postfix/dist/src/tlsproxy/tlsproxy.c     |  32 ++++-
 external/ibm-public/postfix/dist/src/util/midna_domain.c     |  28 ++++-
 external/ibm-public/postfix/dist/src/util/midna_domain.h     |   3 +-
 26 files changed, 210 insertions(+), 50 deletions(-)

diffs (truncated from 700 to 300 lines):

diff -r d89f91f0d5f1 -r 9129b594eed9 external/ibm-public/postfix/dist/HISTORY
--- a/external/ibm-public/postfix/dist/HISTORY  Wed Mar 18 18:59:26 2020 +0000
+++ b/external/ibm-public/postfix/dist/HISTORY  Mon May 25 23:40:25 2020 +0000
@@ -24663,7 +24663,7 @@
 
        Usability: the Postfix SMTP server now logs a warning when
        a configuration requests access control by client certificate,
-       but "smtpd_tls_ask_clientcert = no".  Files: proto/postconf.proto,
+       but "smtpd_tls_ask_ccert = no". Files: proto/postconf.proto,
        smtpd/smtpd_check.c.
 
 20200316
@@ -24671,3 +24671,69 @@
        Removed the issuer_cn and subject_cn matches from
        check_ccert_access. Files: smtpd/smtpd_check.c,
        proto/postconf.proto.
+
+20200416
+
+       Workaround for broken builds after an incompatible change
+       in GCC 10. Files: makedefs, Makefile.in.
+
+       Workaround for broken DANE support after an incompatible
+       change in GLIBC 2.31. This avoids the need for new options
+       in /etc/resolv.conf. Files: dns/dns.h, dns/dns_lookup.c.
+
+20200419
+
+       Bugfix: segfault in the tlsproxy client role when the server
+       role was disabled. This typically happens on systems that
+       do not receive mail, after configuring connection reuse for
+       outbound TLS. Found during program maintenance. File:
+       tlsproxy/tlsproxy.c.
+
+20200420
+
+       Noise suppression: shut up a compiler that special-cases
+       string literals. Viktor Dukhovni. File milter/milter.c.
+
+20200422
+
+       Security: disable DANE support on Alpine Linux because
+       libc-musl provides no indication whether DNS responses are
+       authentic. This broke DANE support without a clear explanation.
+       File: makedefs.
+
+20200505
+
+       Noise suppression: shut up a compiler that special-cases
+       string literals. Viktor Dukhovni. File smtpd/smtpd_check.c.
+
+20200509
+
+       Bugfix (introduced: Postfix 3.5): maillog_file_rotate_suffix
+       default value used the minute instead of the month. Reported
+       by Larry Stone. Files: conf/postfix-tls-script,
+       proto/MAILLOG_README.html, proto/postconf.proto.
+       global/mail_params.h, postfix/postfix.c.
+
+20200510
+
+       Bitrot: avoid U_FILE_ACCESS_ERROR after chroot(), by
+       initializing the ICU library before making the chroot()
+       call. Files: util/midna_domain.[hc], global/mail_params.c.
+
+20200511
+
+       Noise suppression: avoid "SSL_Shutdown:shutdown while in
+       init" warnings. File: tls/tls_session.c.
+
+20200515
+
+       Bugfix (introduced: Postfix 2.2): a TLS error for a PostgreSQL
+       client caused a false 'lost connection' error for an SMTP
+       over TLS session in the same Postfix process. Reported by
+       Alexander Vasarab, diagnosed by Viktor Dukhovni. File:
+       tls/tls_bio_ops.c.
+
+       Bugfix (introduced: Postfix 2.8): a TLS error for one TLS
+       session may cause a false 'lost connection' error for a
+       concurrent TLS session in the same tlsproxy process. File:
+       tlsproxy/tlsproxy.c.
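Review bot: In the 20200509 entry the file list is split by a stray period after "proto/postconf.proto." (the list continues with "global/mail_params.h, postfix/postfix.c."), and it names conf/postfix-tls-script, which is not among the 26 files in this changeset's diffstat. Replace the period with a comma and confirm whether conf/postfix-tls-script belongs in the list. The 20200420 and 20200505 entries also write "File milter/milter.c" and "File smtpd/smtpd_check.c" without the colon that the other entries use after "File".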
diff -r d89f91f0d5f1 -r 9129b594eed9 external/ibm-public/postfix/dist/Makefile.in
--- a/external/ibm-public/postfix/dist/Makefile.in      Wed Mar 18 18:59:26 2020 +0000
+++ b/external/ibm-public/postfix/dist/Makefile.in      Mon May 25 23:40:25 2020 +0000
@@ -1,7 +1,7 @@
 # To test with valgrind:
 # make -i tests VALGRIND="valgrind --tool=memcheck --log-file=/some/where.%p" 
 SHELL  = /bin/sh
-WARN    = -Wmissing-prototypes -Wformat -Wno-comment
+WARN    = -Wmissing-prototypes -Wformat -Wno-comment -fcommon
 OPTS   = 'WARN=$(WARN)'
 DIRS   = src/util src/global src/dns src/tls src/xsasl src/master src/milter \
        src/postfix src/fsstone src/smtpstone \
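Review bot: -fcommon on the WARN line is a code-generation option, not a warning flag, and nothing next to it says why it is there. GCC 10 changed its default to -fno-common, so this flag restores the old linking behaviour for duplicate tentative definitions rather than removing them. Add a comment above WARN that ties it to the GCC 10 workaround recorded in HISTORY (20200416), so a later cleanup of the warning flags does not drop it by accident.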
diff -r d89f91f0d5f1 -r 9129b594eed9 external/ibm-public/postfix/dist/README_FILES/MAILLOG_README
--- a/external/ibm-public/postfix/dist/README_FILES/MAILLOG_README      Wed Mar 18 18:59:26 2020 +0000
+++ b/external/ibm-public/postfix/dist/README_FILES/MAILLOG_README      Mon May 25 23:40:25 2020 +0000
@@ -64,7 +64,7 @@
 
   * Rename the current logfile by appending a suffix that contains the date and
     time. This suffix is configured with the maillog_file_rotate_suffix
-    parameter (default: %Y%M%d-%H%M%S).
+    parameter (default: %Y%m%d-%H%M%S).
 
   * Reload Postfix so that postlogd(8) immediately closes the old logfile.
 
diff -r d89f91f0d5f1 -r 9129b594eed9 external/ibm-public/postfix/dist/README_FILES/RELEASE_NOTES
--- a/external/ibm-public/postfix/dist/README_FILES/RELEASE_NOTES       Wed Mar 18 18:59:26 2020 +0000
+++ b/external/ibm-public/postfix/dist/README_FILES/RELEASE_NOTES       Mon May 25 23:40:25 2020 +0000
@@ -25,6 +25,14 @@
 the software under the license of their choice. Those who are more
 comfortable with the IPL can continue with that license.
 
+libc-musl workaround for Postfix 3.2.15, 3.3.10, 3.4.12, and 3.5.2
+------------------------------------------------------------------
+
+Security: this release disables DANE support on Linux systems with
+libc-musl, because libc-musl provides no indication whether DNS
+responses are authentic. This broke DANE support without a clear
+explanation.
+
 Major changes - multiple relayhost in SMTP
 ------------------------------------------
 
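Review bot: The last sentence of the new section, "This broke DANE support without a clear explanation.", has an ambiguous "This": read in order, it says that disabling DANE is what broke DANE. State that the missing authenticity indication in libc-musl is what broke it. The section also does not mention that the build now adds -DNO_DNSSEC and prints a warning from makedefs, which is what an operator would look for to tell whether a given build is affected. The identical section added to dist/RELEASE_NOTES needs the same wording change.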
diff -r d89f91f0d5f1 -r 9129b594eed9 external/ibm-public/postfix/dist/RELEASE_NOTES
--- a/external/ibm-public/postfix/dist/RELEASE_NOTES    Wed Mar 18 18:59:26 2020 +0000
+++ b/external/ibm-public/postfix/dist/RELEASE_NOTES    Mon May 25 23:40:25 2020 +0000
@@ -25,6 +25,14 @@
 the software under the license of their choice. Those who are more
 comfortable with the IPL can continue with that license.
 
+libc-musl workaround for Postfix 3.2.15, 3.3.10, 3.4.12, and 3.5.2
+------------------------------------------------------------------
+
+Security: this release disables DANE support on Linux systems with
+libc-musl, because libc-musl provides no indication whether DNS
+responses are authentic. This broke DANE support without a clear
+explanation.
+
 Major changes - multiple relayhost in SMTP
 ------------------------------------------
 
diff -r d89f91f0d5f1 -r 9129b594eed9 external/ibm-public/postfix/dist/html/MAILLOG_README.html
--- a/external/ibm-public/postfix/dist/html/MAILLOG_README.html Wed Mar 18 18:59:26 2020 +0000
+++ b/external/ibm-public/postfix/dist/html/MAILLOG_README.html Mon May 25 23:40:25 2020 +0000
@@ -114,7 +114,7 @@
 
 <li> <p> Rename the current logfile by appending a suffix that
 contains the date and time. This suffix is configured with the
-<a href="postconf.5.html#maillog_file_rotate_suffix">maillog_file_rotate_suffix</a> parameter (default: %Y%M%d-%H%M%S). </p>
+<a href="postconf.5.html#maillog_file_rotate_suffix">maillog_file_rotate_suffix</a> parameter (default: %Y%m%d-%H%M%S). </p>
 
 <li> <p> Reload Postfix so that <a href="postlogd.8.html">postlogd(8)</a> immediately closes the
 old logfile. </p>
diff -r d89f91f0d5f1 -r 9129b594eed9 external/ibm-public/postfix/dist/html/postconf.5.html
--- a/external/ibm-public/postfix/dist/html/postconf.5.html     Wed Mar 18 18:59:26 2020 +0000
+++ b/external/ibm-public/postfix/dist/html/postconf.5.html     Mon May 25 23:40:25 2020 +0000
@@ -6329,7 +6329,7 @@
 </DD>
 
 <DT><b><a name="maillog_file_rotate_suffix">maillog_file_rotate_suffix</a>
-(default: %Y%M%d-%H%M%S)</b></DT><DD>
+(default: %Y%m%d-%H%M%S)</b></DT><DD>
 
 <p> The format of the suffix to append to $<a href="postconf.5.html#maillog_file">maillog_file</a> while rotating
 the file with "postfix logrotate". See strftime(3) for syntax. The
diff -r d89f91f0d5f1 -r 9129b594eed9 external/ibm-public/postfix/dist/html/postfix.1.html
--- a/external/ibm-public/postfix/dist/html/postfix.1.html      Wed Mar 18 18:59:26 2020 +0000
+++ b/external/ibm-public/postfix/dist/html/postfix.1.html      Mon May 25 23:40:25 2020 +0000
@@ -285,7 +285,7 @@
        <b><a href="postconf.5.html#maillog_file_prefixes">maillog_file_prefixes</a> (/var, /dev/stdout)</b>
               A list of allowed prefixes for a <a href="postconf.5.html#maillog_file">maillog_file</a> value.
 
-       <b><a href="postconf.5.html#maillog_file_rotate_suffix">maillog_file_rotate_suffix</a> (%Y%M%d-%H%M%S)</b>
+       <b><a href="postconf.5.html#maillog_file_rotate_suffix">maillog_file_rotate_suffix</a> (%Y%m%d-%H%M%S)</b>
               The format of the suffix to append to $<a href="postconf.5.html#maillog_file">maillog_file</a> while rotat-
               ing the file with "postfix logrotate".
 
diff -r d89f91f0d5f1 -r 9129b594eed9 external/ibm-public/postfix/dist/makedefs
--- a/external/ibm-public/postfix/dist/makedefs Wed Mar 18 18:59:26 2020 +0000
+++ b/external/ibm-public/postfix/dist/makedefs Mon May 25 23:40:25 2020 +0000
@@ -228,6 +228,19 @@
  *) echo usage: $0 [system release] 1>&2; exit 1;;
 esac
 
+case "$SYSTEM" in
+ Linux)
+    case "`PATH=/bin:/usr/bin ldd /bin/sh`" in
+     *-musl-*)
+       case "$CCARGS" in
+        *-DNO_DNSSEC*) ;;
+        *) echo Warning: libc-musl breaks DANE/TLSA security. 1>&2
+           echo This build will not support DANE/TLSA. 1>&2
+           CCARGS="$CCARGS -DNO_DNSSEC";;
+       esac;;
+    esac;;
+esac
+
 case "$SYSTEM.$RELEASE" in
    SCO_SV.3.2) SYSTYPE=SCO5
                # Use the native compiler by default
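Review bot: The musl check in the new case block fails open, because it classifies the system from the output of "ldd /bin/sh" on the build host. If /bin/sh is statically linked, if ldd is not in /bin or /usr/bin, or if the compiler targets a different libc than the host shell uses, the *-musl-* pattern does not match and the build keeps DANE/TLSA enabled with no warning, which is the unsafe outcome this block exists to prevent. The stderr of ldd is also not redirected, so a failure only shows up as stray output. Consider checking the libc that $CC actually links against, and printing a notice when the ldd output cannot be classified.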
@@ -1136,7 +1149,7 @@
 : ${CC=gcc} ${OPT='-O'} ${DEBUG='-g'} ${AWK=awk} \
 ${WARN='-Wall -Wno-comment -Wformat -Wimplicit -Wmissing-prototypes \
        -Wparentheses -Wstrict-prototypes -Wswitch -Wuninitialized \
-       -Wunused -Wno-missing-braces'}
+       -Wunused -Wno-missing-braces -fcommon'}
 
 # Extract map type names from -DHAS_XXX compiler options.  We avoid
 # problems with tr(1) range syntax by using enumerations instead,
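Review bot: -fcommon is added only inside the default value of ${WARN='...'}, so a build that sets WARN in its environment never gets the flag and hits the GCC 10 breakage again. The default is also applied whatever CC is set to, although the flag is a workaround for one compiler. Put the flag where a WARN override cannot remove it, for example by appending it to CCARGS the way the musl block earlier in this file appends -DNO_DNSSEC.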
diff -r d89f91f0d5f1 -r 9129b594eed9 external/ibm-public/postfix/dist/man/man1/postfix.1
--- a/external/ibm-public/postfix/dist/man/man1/postfix.1       Wed Mar 18 18:59:26 2020 +0000
+++ b/external/ibm-public/postfix/dist/man/man1/postfix.1       Mon May 25 23:40:25 2020 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: postfix.1,v 1.1.1.6 2020/03/18 18:59:30 christos Exp $
+.\"    $NetBSD: postfix.1,v 1.1.1.7 2020/05/25 23:40:29 christos Exp $
 .\"
 .TH POSTFIX 1 
 .ad
@@ -254,7 +254,7 @@
 logrotate".
 .IP "\fBmaillog_file_prefixes (/var, /dev/stdout)\fR"
 A list of allowed prefixes for a maillog_file value.
-.IP "\fBmaillog_file_rotate_suffix (%Y%M%d\-%H%M%S)\fR"
+.IP "\fBmaillog_file_rotate_suffix (%Y%m%d\-%H%M%S)\fR"
 The format of the suffix to append to $maillog_file while rotating
 the file with "postfix logrotate".
 .IP "\fBpostlog_service_name (postlog)\fR"
diff -r d89f91f0d5f1 -r 9129b594eed9 external/ibm-public/postfix/dist/man/man5/postconf.5
--- a/external/ibm-public/postfix/dist/man/man5/postconf.5      Wed Mar 18 18:59:26 2020 +0000
+++ b/external/ibm-public/postfix/dist/man/man5/postconf.5      Mon May 25 23:40:25 2020 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: postconf.5,v 1.1.1.15 2020/03/18 18:59:30 christos Exp $
+.\"    $NetBSD: postconf.5,v 1.1.1.16 2020/05/25 23:40:29 christos Exp $
 .\"
 .TH POSTCONF 5 
 .SH NAME
@@ -3824,7 +3824,7 @@
 whitespace.
 .PP
 This feature is available in Postfix 3.4 and later.
-.SH maillog_file_rotate_suffix (default: %Y%M%d\-%H%M%S)
+.SH maillog_file_rotate_suffix (default: %Y%m%d\-%H%M%S)
 The format of the suffix to append to $maillog_file while rotating
 the file with "postfix logrotate". See \fBstrftime\fR(3) for syntax. The
 default suffix, YYYYMMDD\-HHMMSS, allows logs to be rotated frequently.
diff -r d89f91f0d5f1 -r 9129b594eed9 external/ibm-public/postfix/dist/proto/MAILLOG_README.html
--- a/external/ibm-public/postfix/dist/proto/MAILLOG_README.html        Wed Mar 18 18:59:26 2020 +0000
+++ b/external/ibm-public/postfix/dist/proto/MAILLOG_README.html        Mon May 25 23:40:25 2020 +0000
@@ -114,7 +114,7 @@
 
 <li> <p> Rename the current logfile by appending a suffix that
 contains the date and time. This suffix is configured with the
-maillog_file_rotate_suffix parameter (default: %Y%M%d-%H%M%S). </p>
+maillog_file_rotate_suffix parameter (default: %Y%m%d-%H%M%S). </p>
 
 <li> <p> Reload Postfix so that postlogd(8) immediately closes the
 old logfile. </p>
diff -r d89f91f0d5f1 -r 9129b594eed9 external/ibm-public/postfix/dist/proto/postconf.proto
--- a/external/ibm-public/postfix/dist/proto/postconf.proto     Wed Mar 18 18:59:26 2020 +0000
+++ b/external/ibm-public/postfix/dist/proto/postconf.proto     Mon May 25 23:40:25 2020 +0000
@@ -17651,7 +17651,7 @@
 
 <p> This feature is available in Postfix 3.4 and later. </p>
 
-%PARAM maillog_file_rotate_suffix %Y%M%d-%H%M%S
+%PARAM maillog_file_rotate_suffix %Y%m%d-%H%M%S
 
 <p> The format of the suffix to append to $maillog_file while rotating
 the file with "postfix logrotate". See strftime(3) for syntax. The
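Review bot: The corrected default on the %PARAM line is not accompanied by any note for sites that already rotated logs under the old value. Files rotated with %Y%M%d-%H%M%S carry the minute where the month should be, so sorting by name will interleave old and new files. A short RELEASE_NOTES entry stating this would help operators who sort or prune rotated logs by name. The same default string is changed in seven documentation files in this changeset, so it is worth confirming they all come from one source and cannot drift again.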
diff -r d89f91f0d5f1 -r 9129b594eed9 external/ibm-public/postfix/dist/src/dns/dns.h
--- a/external/ibm-public/postfix/dist/src/dns/dns.h    Wed Mar 18 18:59:26 2020 +0000
+++ b/external/ibm-public/postfix/dist/src/dns/dns.h    Mon May 25 23:40:25 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: dns.h,v 1.1.1.6 2020/03/18 18:59:33 christos Exp $     */
+/*     $NetBSD: dns.h,v 1.1.1.7 2020/05/25 23:40:32 christos Exp $     */
 
 #ifndef _DNS_H_INCLUDED_
 #define _DNS_H_INCLUDED_
@@ -61,6 +61,7 @@
  */
 #ifdef NO_DNSSEC
 #undef RES_USE_DNSSEC
+#undef RES_TRUSTAD
 #endif
 
  /*
@@ -72,6 +73,9 @@
 #ifndef RES_USE_EDNS0
 #define RES_USE_EDNS0  0
 #endif
+#ifndef RES_TRUSTAD
+#define RES_TRUSTAD    0
+#endif
 
  /*-
   * TLSA: https://tools.ietf.org/html/rfc6698#section-7.1
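Review bot: The RES_TRUSTAD fallback added after the RES_USE_EDNS0 one has no comment, and this flag changes what Postfix trusts. Since glibc 2.31 the stub resolver clears the AD bit unless trust-ad is enabled, so setting RES_TRUSTAD from the application makes Postfix accept the AD bit from whichever resolvers /etc/resolv.conf lists, without the administrator opting in there. Add a comment saying so, and saying that DANE therefore depends on the resolver being reachable over a trusted path. It should also say that the definition as 0 makes the flag a silent no-op on libcs that lack it and, via the #undef in the previous hunk, under NO_DNSSEC. Where the flag is applied cannot be reviewed here because the dns_lookup.c diff is truncated.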
diff -r d89f91f0d5f1 -r 9129b594eed9 external/ibm-public/postfix/dist/src/dns/dns_lookup.c
--- a/external/ibm-public/postfix/dist/src/dns/dns_lookup.c     Wed Mar 18 18:59:26 2020 +0000
+++ b/external/ibm-public/postfix/dist/src/dns/dns_lookup.c     Mon May 25 23:40:25 2020 +0000


