Package: release.debian.org Severity: normal Tags: buster User: release.debian....@packages.debian.org Usertags: pu
This is the next in the series of normal postifx maintenance updates. I skipped postfix 3.4.11 since it had no changes that were relevant for Debian Buster. Of particular note, the last two listed TLS errors were reported upstream by a Debian Stable user who did a lot of work with the upstream developers to diagnose the problem and validate the solution. It would be nice to see the stable update out soon so that they can benefit. As usual, I have this running on multiple systems here without issue. I've also listed a few changes at the end that I did not put in debian/changelog because they have no effect on the binary or they have no effect given the gcc/glibc versions in Buster. Debdiff attached. Scott K Here are the details of the changes relative to Buster: [Scott Kitterman] * Updated debian/watch to track postfix 3.4 series for stable updates [Wietse Venema] * 3.4.11 - No changes that affect Debian 10 (Buster) * 3.4.12 - Bugfix: segfault in the tlsproxy client role when the server role was disabled. This typically happens on systems that do not receive mail, after configuring connection reuse for outbound TLS. Found during program maintenance. File: tlsproxy/tlsproxy.c. - Bugfix (introduced: Postfix 3.4): maillog_file_rotate_suffix default value used the minute instead of the month. Reported by Larry Stone. Files: conf/postfix-tls-script, proto/MAILLOG_README.html, proto/postconf.proto. global/mail_params.h, postfix/postfix.c. - Bitrot: avoid U_FILE_ACCESS_ERROR after chroot(), by initializing the ICU library before making the chroot() call. Files: util/midna_domain.[hc], global/mail_params.c. - Noise suppression: avoid "SSL_Shutdown:shutdown while in init" warnings. File: tls/tls_session.c. - Bugfix (introduced: Postfix 2.2): a TLS error for a PostgreSQL client caused a false 'lost connection' error for an SMTP over TLS session in the same Postfix process. Reported by Alexander Vasarab, diagnosed by Viktor Dukhovni. File: tls/tls_bio_ops.c. - Bugfix (introduced: Postfix 2.8): a TLS error for one TLS session may cause a false 'lost connection' error for a concurrent TLS session in the same tlsproxy process. File: tlsproxy/tlsproxy.c. Other changes not listed in debian/changelog: Workaround for broken builds after an incompatible change in GCC 10. Files: makedefs, Makefile.in. Workaround for broken DANE support after an incompatible change in GLIBC 2.31. This avoids the need for new options in /etc/resolv.conf. Files: dns/dns.h, dns/dns_lookup.c. Noise suppression: shut up a compiler that special-cases string literals. Viktor Dukhovni. File milter/milter.c. Security: disable DANE support on Alpine Linux because libc-musl provides no indication whether DNS responses are authentic. This broke DANE support without a clear explanation. File: makedefs. Noise suppression: shut up a compiler that special-cases string literals. Viktor Dukhovni. File smtpd/smtpd_check.c.
diff -Nru postfix-3.4.10/debian/changelog postfix-3.4.12/debian/changelog --- postfix-3.4.10/debian/changelog 2020-03-16 15:43:44.000000000 -0400 +++ postfix-3.4.12/debian/changelog 2020-05-18 17:45:37.000000000 -0400 @@ -1,3 +1,47 @@ +postfix (3.4.12-0+deb10u1) buster; urgency=medium + + [Scott Kitterman] + + * Updated debian/watch to track postfix 3.4 series for stable updates + + [Wietse Venema] + + * 3.4.11 + - No changes that affect Debian 10 (Buster) + + * 3.4.12 + - Bugfix: segfault in the tlsproxy client role when the server + role was disabled. This typically happens on systems that + do not receive mail, after configuring connection reuse for + outbound TLS. Found during program maintenance. File: + tlsproxy/tlsproxy.c. + + - Bugfix (introduced: Postfix 3.4): maillog_file_rotate_suffix + default value used the minute instead of the month. Reported + by Larry Stone. Files: conf/postfix-tls-script, + proto/MAILLOG_README.html, proto/postconf.proto. + global/mail_params.h, postfix/postfix.c. + + - Bitrot: avoid U_FILE_ACCESS_ERROR after chroot(), by + initializing the ICU library before making the chroot() + call. Files: util/midna_domain.[hc], global/mail_params.c. + + - Noise suppression: avoid "SSL_Shutdown:shutdown while in + init" warnings. File: tls/tls_session.c. + + - Bugfix (introduced: Postfix 2.2): a TLS error for a PostgreSQL + client caused a false 'lost connection' error for an SMTP + over TLS session in the same Postfix process. Reported by + Alexander Vasarab, diagnosed by Viktor Dukhovni. File: + tls/tls_bio_ops.c. + + - Bugfix (introduced: Postfix 2.8): a TLS error for one TLS + session may cause a false 'lost connection' error for a + concurrent TLS session in the same tlsproxy process. File: + tlsproxy/tlsproxy.c. + + -- Scott Kitterman <sc...@kitterman.com> Mon, 18 May 2020 17:45:37 -0400 + postfix (3.4.10-0+deb10u1) buster; urgency=medium [Wietse Venema] diff -Nru postfix-3.4.10/debian/watch postfix-3.4.12/debian/watch --- postfix-3.4.10/debian/watch 2020-03-16 06:33:05.000000000 -0400 +++ postfix-3.4.12/debian/watch 2020-05-18 16:55:04.000000000 -0400 @@ -1,3 +1,3 @@ version=3 -opts=pasv ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-([\d+\.]+)\.tar\.gz +opts=pasv ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-(3.4[\d+\.]+)\.tar\.gz diff -Nru postfix-3.4.10/HISTORY postfix-3.4.12/HISTORY --- postfix-3.4.10/HISTORY 2020-03-12 10:58:26.000000000 -0400 +++ postfix-3.4.12/HISTORY 2020-05-16 16:25:06.000000000 -0400 @@ -24346,3 +24346,69 @@ multi-Milter configuration during MAIL FROM. Milter client state was not properly reset after one of the Milters failed. Reported by WeiYu Wu. + +20200416 + + Workaround for broken builds after an incompatible change + in GCC 10. Files: makedefs, Makefile.in. + + Workaround for broken DANE support after an incompatible + change in GLIBC 2.31. This avoids the need for new options + in /etc/resolv.conf. Files: dns/dns.h, dns/dns_lookup.c. + +20200419 + + Bugfix: segfault in the tlsproxy client role when the server + role was disabled. This typically happens on systems that + do not receive mail, after configuring connection reuse for + outbound TLS. Found during program maintenance. File: + tlsproxy/tlsproxy.c. + +20200420 + + Noise suppression: shut up a compiler that special-cases + string literals. Viktor Dukhovni. File milter/milter.c. + +20200422 + + Security: disable DANE support on Alpine Linux because + libc-musl provides no indication whether DNS responses are + authentic. This broke DANE support without a clear explanation. + File: makedefs. + +20200505 + + Noise suppression: shut up a compiler that special-cases + string literals. Viktor Dukhovni. File smtpd/smtpd_check.c. + +20200509 + + Bugfix (introduced: Postfix 3.5): maillog_file_rotate_suffix + default value used the minute instead of the month. Reported + by Larry Stone. Files: conf/postfix-tls-script, + proto/MAILLOG_README.html, proto/postconf.proto. + global/mail_params.h, postfix/postfix.c. + +20200510 + + Bitrot: avoid U_FILE_ACCESS_ERROR after chroot(), by + initializing the ICU library before making the chroot() + call. Files: util/midna_domain.[hc], global/mail_params.c. + +20200511 + + Noise suppression: avoid "SSL_Shutdown:shutdown while in + init" warnings. File: tls/tls_session.c. + +20200515 + + Bugfix (introduced: Postfix 2.2): a TLS error for a PostgreSQL + client caused a false 'lost connection' error for an SMTP + over TLS session in the same Postfix process. Reported by + Alexander Vasarab, diagnosed by Viktor Dukhovni. File: + tls/tls_bio_ops.c. + + Bugfix (introduced: Postfix 2.8): a TLS error for one TLS + session may cause a false 'lost connection' error for a + concurrent TLS session in the same tlsproxy process. File: + tlsproxy/tlsproxy.c. diff -Nru postfix-3.4.10/html/MAILLOG_README.html postfix-3.4.12/html/MAILLOG_README.html --- postfix-3.4.10/html/MAILLOG_README.html 2019-02-03 16:26:07.000000000 -0500 +++ postfix-3.4.12/html/MAILLOG_README.html 2020-05-09 16:21:56.000000000 -0400 @@ -114,7 +114,7 @@ <li> <p> Rename the current logfile by appending a suffix that contains the date and time. This suffix is configured with the -<a href="postconf.5.html#maillog_file_rotate_suffix">maillog_file_rotate_suffix</a> parameter (default: %Y%M%d-%H%M%S). </p> +<a href="postconf.5.html#maillog_file_rotate_suffix">maillog_file_rotate_suffix</a> parameter (default: %Y%m%d-%H%M%S). </p> <li> <p> Reload Postfix so that <a href="postlogd.8.html">postlogd(8)</a> immediately closes the old logfile. </p> diff -Nru postfix-3.4.10/html/postconf.5.html postfix-3.4.12/html/postconf.5.html --- postfix-3.4.10/html/postconf.5.html 2019-06-29 09:33:39.000000000 -0400 +++ postfix-3.4.12/html/postconf.5.html 2020-05-09 16:21:56.000000000 -0400 @@ -6284,7 +6284,7 @@ </DD> <DT><b><a name="maillog_file_rotate_suffix">maillog_file_rotate_suffix</a> -(default: %Y%M%d-%H%M%S)</b></DT><DD> +(default: %Y%m%d-%H%M%S)</b></DT><DD> <p> The format of the suffix to append to $<a href="postconf.5.html#maillog_file">maillog_file</a> while rotating the file with "postfix logrotate". See strftime(3) for syntax. The diff -Nru postfix-3.4.10/html/postfix.1.html postfix-3.4.12/html/postfix.1.html --- postfix-3.4.10/html/postfix.1.html 2019-02-01 07:23:33.000000000 -0500 +++ postfix-3.4.12/html/postfix.1.html 2020-05-09 16:21:56.000000000 -0400 @@ -285,7 +285,7 @@ <b><a href="postconf.5.html#maillog_file_prefixes">maillog_file_prefixes</a> (/var, /dev/stdout)</b> A list of allowed prefixes for a <a href="postconf.5.html#maillog_file">maillog_file</a> value. - <b><a href="postconf.5.html#maillog_file_rotate_suffix">maillog_file_rotate_suffix</a> (%Y%M%d-%H%M%S)</b> + <b><a href="postconf.5.html#maillog_file_rotate_suffix">maillog_file_rotate_suffix</a> (%Y%m%d-%H%M%S)</b> The format of the suffix to append to $<a href="postconf.5.html#maillog_file">maillog_file</a> while rotat- ing the file with "postfix logrotate". diff -Nru postfix-3.4.10/makedefs postfix-3.4.12/makedefs --- postfix-3.4.10/makedefs 2019-03-10 19:42:59.000000000 -0400 +++ postfix-3.4.12/makedefs 2020-05-06 10:10:41.000000000 -0400 @@ -228,6 +228,19 @@ *) echo usage: $0 [system release] 1>&2; exit 1;; esac +case "$SYSTEM" in + Linux) + case "`PATH=/bin:/usr/bin ldd /bin/sh`" in + *-musl-*) + case "$CCARGS" in + *-DNO_DNSSEC*) ;; + *) echo Warning: libc-musl breaks DANE/TLSA security. 1>&2 + echo This build will not support DANE/TLSA. 1>&2 + CCARGS="$CCARGS -DNO_DNSSEC";; + esac;; + esac;; +esac + case "$SYSTEM.$RELEASE" in SCO_SV.3.2) SYSTYPE=SCO5 # Use the native compiler by default @@ -1136,7 +1149,7 @@ : ${CC=gcc} ${OPT='-O'} ${DEBUG='-g'} ${AWK=awk} \ ${WARN='-Wall -Wno-comment -Wformat -Wimplicit -Wmissing-prototypes \ -Wparentheses -Wstrict-prototypes -Wswitch -Wuninitialized \ - -Wunused -Wno-missing-braces'} + -Wunused -Wno-missing-braces -fcommon'} # Extract map type names from -DHAS_XXX compiler options. We avoid # problems with tr(1) range syntax by using enumerations instead, diff -Nru postfix-3.4.10/Makefile.in postfix-3.4.12/Makefile.in --- postfix-3.4.10/Makefile.in 2019-01-29 17:24:42.000000000 -0500 +++ postfix-3.4.12/Makefile.in 2020-04-18 11:25:46.000000000 -0400 @@ -1,5 +1,5 @@ SHELL = /bin/sh -WARN = -Wmissing-prototypes -Wformat -Wno-comment +WARN = -Wmissing-prototypes -Wformat -Wno-comment -fcommon OPTS = 'WARN=$(WARN)' DIRS = src/util src/global src/dns src/tls src/xsasl src/master src/milter \ src/postfix src/fsstone src/smtpstone \ diff -Nru postfix-3.4.10/man/man1/postfix.1 postfix-3.4.12/man/man1/postfix.1 --- postfix-3.4.10/man/man1/postfix.1 2019-02-01 07:23:32.000000000 -0500 +++ postfix-3.4.12/man/man1/postfix.1 2020-05-12 19:29:36.000000000 -0400 @@ -252,7 +252,7 @@ logrotate". .IP "\fBmaillog_file_prefixes (/var, /dev/stdout)\fR" A list of allowed prefixes for a maillog_file value. -.IP "\fBmaillog_file_rotate_suffix (%Y%M%d\-%H%M%S)\fR" +.IP "\fBmaillog_file_rotate_suffix (%Y%m%d\-%H%M%S)\fR" The format of the suffix to append to $maillog_file while rotating the file with "postfix logrotate". .IP "\fBpostlog_service_name (postlog)\fR" diff -Nru postfix-3.4.10/man/man5/postconf.5 postfix-3.4.12/man/man5/postconf.5 --- postfix-3.4.10/man/man5/postconf.5 2019-06-29 09:33:39.000000000 -0400 +++ postfix-3.4.12/man/man5/postconf.5 2020-05-12 19:29:36.000000000 -0400 @@ -3775,7 +3775,7 @@ whitespace. .PP This feature is available in Postfix 3.4 and later. -.SH maillog_file_rotate_suffix (default: %Y%M%d\-%H%M%S) +.SH maillog_file_rotate_suffix (default: %Y%m%d\-%H%M%S) The format of the suffix to append to $maillog_file while rotating the file with "postfix logrotate". See \fBstrftime\fR(3) for syntax. The default suffix, YYYYMMDD\-HHMMSS, allows logs to be rotated frequently. diff -Nru postfix-3.4.10/proto/MAILLOG_README.html postfix-3.4.12/proto/MAILLOG_README.html --- postfix-3.4.10/proto/MAILLOG_README.html 2019-02-03 16:26:05.000000000 -0500 +++ postfix-3.4.12/proto/MAILLOG_README.html 2020-05-09 16:21:56.000000000 -0400 @@ -114,7 +114,7 @@ <li> <p> Rename the current logfile by appending a suffix that contains the date and time. This suffix is configured with the -maillog_file_rotate_suffix parameter (default: %Y%M%d-%H%M%S). </p> +maillog_file_rotate_suffix parameter (default: %Y%m%d-%H%M%S). </p> <li> <p> Reload Postfix so that postlogd(8) immediately closes the old logfile. </p> diff -Nru postfix-3.4.10/proto/postconf.proto postfix-3.4.12/proto/postconf.proto --- postfix-3.4.10/proto/postconf.proto 2019-06-28 17:19:58.000000000 -0400 +++ postfix-3.4.12/proto/postconf.proto 2020-05-09 16:21:56.000000000 -0400 @@ -17611,7 +17611,7 @@ <p> This feature is available in Postfix 3.4 and later. </p> -%PARAM maillog_file_rotate_suffix %Y%M%d-%H%M%S +%PARAM maillog_file_rotate_suffix %Y%m%d-%H%M%S <p> The format of the suffix to append to $maillog_file while rotating the file with "postfix logrotate". See strftime(3) for syntax. The diff -Nru postfix-3.4.10/README_FILES/MAILLOG_README postfix-3.4.12/README_FILES/MAILLOG_README --- postfix-3.4.10/README_FILES/MAILLOG_README 2019-02-03 16:26:07.000000000 -0500 +++ postfix-3.4.12/README_FILES/MAILLOG_README 2020-05-09 16:21:56.000000000 -0400 @@ -64,7 +64,7 @@ * Rename the current logfile by appending a suffix that contains the date and time. This suffix is configured with the maillog_file_rotate_suffix - parameter (default: %Y%M%d-%H%M%S). + parameter (default: %Y%m%d-%H%M%S). * Reload Postfix so that postlogd(8) immediately closes the old logfile. diff -Nru postfix-3.4.10/README_FILES/RELEASE_NOTES postfix-3.4.12/README_FILES/RELEASE_NOTES --- postfix-3.4.10/README_FILES/RELEASE_NOTES 2019-06-27 19:19:08.000000000 -0400 +++ postfix-3.4.12/README_FILES/RELEASE_NOTES 2020-05-16 17:21:36.000000000 -0400 @@ -16,6 +16,14 @@ If you upgrade from Postfix 3.2 or earlier, read RELEASE_NOTES-3.3 before proceeding. +libc-musl workaround for Postfix 3.2.15, 3.3.10, 3.4.12, and 3.5.2 +------------------------------------------------------------------ + +Security: this release disables DANE support on Linux systems with +libc-musl, because libc-musl provides no indication whether DNS +responses are authentic. This broke DANE support without a clear +explanation. + TLS Workaround for Postfix 3.4.6, 3.3.5, 3.2.10 and 3.1.13 ----------------------------------------------------------- diff -Nru postfix-3.4.10/RELEASE_NOTES postfix-3.4.12/RELEASE_NOTES --- postfix-3.4.10/RELEASE_NOTES 2019-06-27 19:19:08.000000000 -0400 +++ postfix-3.4.12/RELEASE_NOTES 2020-05-16 17:21:36.000000000 -0400 @@ -16,6 +16,14 @@ If you upgrade from Postfix 3.2 or earlier, read RELEASE_NOTES-3.3 before proceeding. +libc-musl workaround for Postfix 3.2.15, 3.3.10, 3.4.12, and 3.5.2 +------------------------------------------------------------------ + +Security: this release disables DANE support on Linux systems with +libc-musl, because libc-musl provides no indication whether DNS +responses are authentic. This broke DANE support without a clear +explanation. + TLS Workaround for Postfix 3.4.6, 3.3.5, 3.2.10 and 3.1.13 ----------------------------------------------------------- diff -Nru postfix-3.4.10/src/dns/dns.h postfix-3.4.12/src/dns/dns.h --- postfix-3.4.10/src/dns/dns.h 2017-12-27 17:29:44.000000000 -0500 +++ postfix-3.4.12/src/dns/dns.h 2020-04-18 11:22:54.000000000 -0400 @@ -59,6 +59,7 @@ */ #ifdef NO_DNSSEC #undef RES_USE_DNSSEC +#undef RES_TRUSTAD #endif /* @@ -70,6 +71,9 @@ #ifndef RES_USE_EDNS0 #define RES_USE_EDNS0 0 #endif +#ifndef RES_TRUSTAD +#define RES_TRUSTAD 0 +#endif /*- * TLSA: https://tools.ietf.org/html/rfc6698#section-7.1 diff -Nru postfix-3.4.10/src/dns/dns_lookup.c postfix-3.4.12/src/dns/dns_lookup.c --- postfix-3.4.10/src/dns/dns_lookup.c 2019-12-15 11:13:04.000000000 -0500 +++ postfix-3.4.12/src/dns/dns_lookup.c 2020-04-18 11:22:54.000000000 -0400 @@ -116,6 +116,9 @@ /* Request DNSSEC validation. This flag is silently ignored /* when the system stub resolver API, resolver(3), does not /* implement DNSSEC. +/* Automatically turns on the RES_TRUSTAD flag on systems that +/* support this flag (this behavior will be more configurable +/* in a later release). /* .RE /* .IP lflags /* Flags that control the operation of the dns_lookup*() @@ -453,10 +456,10 @@ /* * Set extra options that aren't exposed to the application. */ -#define XTRA_FLAGS (RES_USE_EDNS0) +#define XTRA_FLAGS (RES_USE_EDNS0 | RES_TRUSTAD) if (flags & RES_USE_DNSSEC) - flags |= RES_USE_EDNS0; + flags |= (RES_USE_EDNS0 | RES_TRUSTAD); /* * Save and restore resolver options that we overwrite, to avoid diff -Nru postfix-3.4.10/src/dns/dns_str_resflags.c postfix-3.4.12/src/dns/dns_str_resflags.c --- postfix-3.4.10/src/dns/dns_str_resflags.c 2016-05-15 11:20:14.000000000 -0400 +++ postfix-3.4.12/src/dns/dns_str_resflags.c 2020-04-18 13:06:43.000000000 -0400 @@ -60,10 +60,16 @@ "RES_DEFNAMES", RES_DEFNAMES, "RES_STAYOPEN", RES_STAYOPEN, "RES_DNSRCH", RES_DNSRCH, +#ifdef RES_INSECURE1 "RES_INSECURE1", RES_INSECURE1, +#endif +#ifdef RES_INSECURE2 "RES_INSECURE2", RES_INSECURE2, +#endif "RES_NOALIASES", RES_NOALIASES, +#ifdef RES_USE_INET6 "RES_USE_INET6", RES_USE_INET6, +#endif #ifdef RES_ROTATE "RES_ROTATE", RES_ROTATE, #endif diff -Nru postfix-3.4.10/src/global/mail_params.c postfix-3.4.12/src/global/mail_params.c --- postfix-3.4.10/src/global/mail_params.c 2019-01-31 17:34:41.000000000 -0500 +++ postfix-3.4.12/src/global/mail_params.c 2020-05-12 19:15:37.000000000 -0400 @@ -868,6 +868,8 @@ var_smtputf8_enable = 0; #else midna_domain_transitional = var_idna2003_compat; + if (var_smtputf8_enable) + midna_domain_pre_chroot(); #endif util_utf8_enable = var_smtputf8_enable; diff -Nru postfix-3.4.10/src/global/mail_params.h postfix-3.4.12/src/global/mail_params.h --- postfix-3.4.10/src/global/mail_params.h 2019-07-23 18:46:37.000000000 -0400 +++ postfix-3.4.12/src/global/mail_params.h 2020-05-09 16:21:56.000000000 -0400 @@ -4178,7 +4178,7 @@ extern char *var_maillog_file_comp; #define VAR_MAILLOG_FILE_STAMP "maillog_file_rotate_suffix" -#define DEF_MAILLOG_FILE_STAMP "%Y%M%d-%H%M%S" +#define DEF_MAILLOG_FILE_STAMP "%Y%m%d-%H%M%S" extern char *var_maillog_file_stamp; #define VAR_POSTLOG_SERVICE "postlog_service_name" diff -Nru postfix-3.4.10/src/global/mail_version.h postfix-3.4.12/src/global/mail_version.h --- postfix-3.4.10/src/global/mail_version.h 2020-03-12 10:52:04.000000000 -0400 +++ postfix-3.4.12/src/global/mail_version.h 2020-05-16 12:01:12.000000000 -0400 @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20200312" -#define MAIL_VERSION_NUMBER "3.4.10" +#define MAIL_RELEASE_DATE "20200516" +#define MAIL_VERSION_NUMBER "3.4.12" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -Nru postfix-3.4.10/src/milter/milter.c postfix-3.4.12/src/milter/milter.c --- postfix-3.4.10/src/milter/milter.c 2020-02-02 12:37:46.000000000 -0500 +++ postfix-3.4.12/src/milter/milter.c 2020-04-20 18:14:22.000000000 -0400 @@ -620,14 +620,14 @@ * names by skipping the redundant "milter_" prefix. */ static ATTR_OVER_TIME time_table[] = { - 7 + VAR_MILT_CONN_TIME, DEF_MILT_CONN_TIME, 0, 1, 0, - 7 + VAR_MILT_CMD_TIME, DEF_MILT_CMD_TIME, 0, 1, 0, - 7 + VAR_MILT_MSG_TIME, DEF_MILT_MSG_TIME, 0, 1, 0, + 7 + (const char *) VAR_MILT_CONN_TIME, DEF_MILT_CONN_TIME, 0, 1, 0, + 7 + (const char *) VAR_MILT_CMD_TIME, DEF_MILT_CMD_TIME, 0, 1, 0, + 7 + (const char *) VAR_MILT_MSG_TIME, DEF_MILT_MSG_TIME, 0, 1, 0, 0, }; static ATTR_OVER_STR str_table[] = { - 7 + VAR_MILT_PROTOCOL, 0, 1, 0, - 7 + VAR_MILT_DEF_ACTION, 0, 1, 0, + 7 + (const char *) VAR_MILT_PROTOCOL, 0, 1, 0, + 7 + (const char *) VAR_MILT_DEF_ACTION, 0, 1, 0, 0, }; diff -Nru postfix-3.4.10/src/postfix/postfix.c postfix-3.4.12/src/postfix/postfix.c --- postfix-3.4.10/src/postfix/postfix.c 2019-02-01 07:23:22.000000000 -0500 +++ postfix-3.4.12/src/postfix/postfix.c 2020-05-09 16:21:56.000000000 -0400 @@ -242,7 +242,7 @@ /* logrotate". /* .IP "\fBmaillog_file_prefixes (/var, /dev/stdout)\fR" /* A list of allowed prefixes for a maillog_file value. -/* .IP "\fBmaillog_file_rotate_suffix (%Y%M%d-%H%M%S)\fR" +/* .IP "\fBmaillog_file_rotate_suffix (%Y%m%d-%H%M%S)\fR" /* The format of the suffix to append to $maillog_file while rotating /* the file with "postfix logrotate". /* .IP "\fBpostlog_service_name (postlog)\fR" diff -Nru postfix-3.4.10/src/smtpd/smtpd_check.c postfix-3.4.12/src/smtpd/smtpd_check.c --- postfix-3.4.10/src/smtpd/smtpd_check.c 2019-03-12 08:28:20.000000000 -0400 +++ postfix-3.4.12/src/smtpd/smtpd_check.c 2020-05-05 18:34:05.000000000 -0400 @@ -483,20 +483,20 @@ * parameter names by skipping the redundant "smtpd_policy_service_" prefix. */ static ATTR_OVER_TIME time_table[] = { - 21 + VAR_SMTPD_POLICY_TMOUT, DEF_SMTPD_POLICY_TMOUT, 0, 1, 0, - 21 + VAR_SMTPD_POLICY_IDLE, DEF_SMTPD_POLICY_IDLE, 0, 1, 0, - 21 + VAR_SMTPD_POLICY_TTL, DEF_SMTPD_POLICY_TTL, 0, 1, 0, - 21 + VAR_SMTPD_POLICY_TRY_DELAY, DEF_SMTPD_POLICY_TRY_DELAY, 0, 1, 0, + 21 + (const char *) VAR_SMTPD_POLICY_TMOUT, DEF_SMTPD_POLICY_TMOUT, 0, 1, 0, + 21 + (const char *) VAR_SMTPD_POLICY_IDLE, DEF_SMTPD_POLICY_IDLE, 0, 1, 0, + 21 + (const char *) VAR_SMTPD_POLICY_TTL, DEF_SMTPD_POLICY_TTL, 0, 1, 0, + 21 + (const char *) VAR_SMTPD_POLICY_TRY_DELAY, DEF_SMTPD_POLICY_TRY_DELAY, 0, 1, 0, 0, }; static ATTR_OVER_INT int_table[] = { - 21 + VAR_SMTPD_POLICY_REQ_LIMIT, 0, 0, 0, - 21 + VAR_SMTPD_POLICY_TRY_LIMIT, 0, 1, 0, + 21 + (const char *) VAR_SMTPD_POLICY_REQ_LIMIT, 0, 0, 0, + 21 + (const char *) VAR_SMTPD_POLICY_TRY_LIMIT, 0, 1, 0, 0, }; static ATTR_OVER_STR str_table[] = { - 21 + VAR_SMTPD_POLICY_DEF_ACTION, 0, 1, 0, - 21 + VAR_SMTPD_POLICY_CONTEXT, 0, 1, 0, + 21 + (const char *) VAR_SMTPD_POLICY_DEF_ACTION, 0, 1, 0, + 21 + (const char *) VAR_SMTPD_POLICY_CONTEXT, 0, 1, 0, 0, }; diff -Nru postfix-3.4.10/src/tls/tls_bio_ops.c postfix-3.4.12/src/tls/tls_bio_ops.c --- postfix-3.4.10/src/tls/tls_bio_ops.c 2013-05-30 08:45:03.000000000 -0400 +++ postfix-3.4.12/src/tls/tls_bio_ops.c 2020-05-16 11:48:08.000000000 -0400 @@ -194,6 +194,13 @@ * handling any pending network I/O. */ for (;;) { + + /* + * Flush the per-thread SSL error queue. Otherwise, errors from other + * code that also uses TLS may confuse SSL_get_error(3). + */ + ERR_clear_error(); + if (hsfunc) status = hsfunc(TLScontext->con); else if (rfunc) diff -Nru postfix-3.4.10/src/tls/tls_session.c postfix-3.4.12/src/tls/tls_session.c --- postfix-3.4.10/src/tls/tls_session.c 2019-06-25 08:05:54.000000000 -0400 +++ postfix-3.4.12/src/tls/tls_session.c 2020-05-12 19:17:34.000000000 -0400 @@ -118,7 +118,7 @@ * so we will not perform SSL_shutdown() and the session will be removed * as being bad. */ - if (!failure) { + if (!failure && !SSL_in_init(TLScontext->con)) { retval = tls_bio_shutdown(vstream_fileno(stream), timeout, TLScontext); if (!var_tls_fast_shutdown && retval == 0) tls_bio_shutdown(vstream_fileno(stream), timeout, TLScontext); diff -Nru postfix-3.4.10/src/tlsproxy/tlsproxy.c postfix-3.4.12/src/tlsproxy/tlsproxy.c --- postfix-3.4.10/src/tlsproxy/tlsproxy.c 2019-09-14 18:43:05.000000000 -0400 +++ postfix-3.4.12/src/tlsproxy/tlsproxy.c 2020-05-16 11:49:04.000000000 -0400 @@ -781,6 +781,7 @@ */ if (state->flags & TLSP_FLAG_DO_HANDSHAKE) { state->timeout = state->handshake_timeout; + ERR_clear_error(); if (state->is_server_role) ssl_stat = SSL_accept(tls_context->con); else @@ -809,6 +810,7 @@ if (NBBIO_ERROR_FLAGS(plaintext_buf)) { if (NBBIO_ACTIVE_FLAGS(plaintext_buf)) nbbio_disable_readwrite(state->plaintext_buf); + ERR_clear_error(); if (!SSL_in_init(tls_context->con) && (ssl_stat = SSL_shutdown(tls_context->con)) < 0) { handshake_err = SSL_get_error(tls_context->con, ssl_stat); @@ -835,6 +837,7 @@ */ ssl_write_err = SSL_ERROR_NONE; while (NBBIO_READ_PEND(plaintext_buf) > 0) { + ERR_clear_error(); ssl_stat = SSL_write(tls_context->con, NBBIO_READ_BUF(plaintext_buf), NBBIO_READ_PEND(plaintext_buf)); ssl_write_err = SSL_get_error(tls_context->con, ssl_stat); @@ -865,6 +868,7 @@ */ ssl_read_err = SSL_ERROR_NONE; while (NBBIO_WRITE_PEND(state->plaintext_buf) < NBBIO_BUFSIZE(plaintext_buf)) { + ERR_clear_error(); ssl_stat = SSL_read(tls_context->con, NBBIO_WRITE_BUF(plaintext_buf) + NBBIO_WRITE_PEND(state->plaintext_buf), @@ -1489,16 +1493,15 @@ TLSP_INIT_TIMEOUT, (void *) state); } -/* pre_jail_init - pre-jail initialization */ +/* pre_jail_init_server - pre-jail initialization */ -static void pre_jail_init(char *unused_name, char **unused_argv) +static void pre_jail_init_server(void) { TLS_SERVER_INIT_PROPS props; const char *cert_file; int have_server_cert; int no_server_cert_ok; int require_server_cert; - int clnt_use_tls; /* * The code in this routine is pasted literally from smtpd(8). I am not @@ -1531,7 +1534,7 @@ } var_tlsp_use_tls = var_tlsp_use_tls || var_tlsp_enforce_tls; if (!var_tlsp_use_tls) { - msg_warn("TLS service is requested, but disabled with %s or %s", + msg_warn("TLS server role is disabled with %s or %s", VAR_TLSP_TLS_LEVEL, VAR_TLSP_USE_TLS); return; } @@ -1622,6 +1625,13 @@ SSL_CTX_set_mode(tlsp_server_ctx->ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); +} + +/* pre_jail_init_client - pre-jail initialization */ + +static void pre_jail_init_client(void) +{ + int clnt_use_tls; /* * The cache with TLS_APPL_STATE instances for different TLS_CLIENT_INIT @@ -1733,6 +1743,18 @@ msg_warn("TLS client initialization failed"); } } +} + +/* pre_jail_init - pre-jail initialization */ + +static void pre_jail_init(char *unused_name, char **unused_argv) +{ + + /* + * Initialize roles separately. + */ + pre_jail_init_server(); + pre_jail_init_client(); /* * tlsp_client_init() needs to know if it is called pre-jail or diff -Nru postfix-3.4.10/src/util/midna_domain.c postfix-3.4.12/src/util/midna_domain.c --- postfix-3.4.10/src/util/midna_domain.c 2016-12-04 12:40:19.000000000 -0500 +++ postfix-3.4.12/src/util/midna_domain.c 2020-05-12 19:15:37.000000000 -0400 @@ -20,6 +20,8 @@ /* /* const char *midna_domain_suffix_to_utf8( /* const char *name) +/* AUXILIARY FUNCTIONS +/* void midna_domain_pre_chroot(void) /* DESCRIPTION /* The functions in this module transform domain names from/to /* ASCII and UTF-8 form. The result is cached to avoid repeated @@ -52,6 +54,8 @@ /* /* midna_domain_transitional enables transitional conversion /* between UTF8 and ASCII labels. +/* +/* midna_domain_pre_chroot() does some pre-chroot initialization. /* SEE ALSO /* http://unicode.org/reports/tr46/ Unicode IDNA Compatibility processing /* msg(3) diagnostics interface @@ -144,6 +148,22 @@ } } +/* midna_domain_pre_chroot - pre-chroot initialization */ + +void midna_domain_pre_chroot(void) +{ + UErrorCode error = U_ZERO_ERROR; + UIDNAInfo info = UIDNA_INFO_INITIALIZER; + UIDNA *idna; + + idna = uidna_openUTS46(midna_domain_transitional ? UIDNA_DEFAULT + : UIDNA_NONTRANSITIONAL_TO_ASCII, &error); + if (U_FAILURE(error)) + msg_warn("ICU library initialization failed: %s", + midna_domain_strerror(error, info.errors)); + uidna_close(idna); +} + /* midna_domain_to_ascii_create - convert domain to ASCII */ static void *midna_domain_to_ascii_create(const char *name, void *unused_context) @@ -327,6 +347,7 @@ /* * Test program - reads names from stdin, reports invalid names to stderr. */ +#include <unistd.h> #include <stdlib.h> #include <locale.h> @@ -350,6 +371,11 @@ /* msg_verbose = 1; */ util_utf8_enable = 1; + if (geteuid() == 0) { + midna_domain_pre_chroot(); + if (chroot(".") != 0) + msg_fatal("chroot(\".\"): %m"); + } while (vstring_fgets_nonl(buffer, VSTREAM_IN)) { bp = STR(buffer); msg_info("> %s", bp); diff -Nru postfix-3.4.10/src/util/midna_domain.h postfix-3.4.12/src/util/midna_domain.h --- postfix-3.4.10/src/util/midna_domain.h 2016-11-05 18:38:56.000000000 -0400 +++ postfix-3.4.12/src/util/midna_domain.h 2020-05-12 19:15:37.000000000 -0400 @@ -18,6 +18,7 @@ extern const char *midna_domain_to_utf8(const char *); extern const char *midna_domain_suffix_to_ascii(const char *); extern const char *midna_domain_suffix_to_utf8(const char *); +extern void midna_domain_pre_chroot(void); extern int midna_domain_cache_size; extern int midna_domain_transitional;