Module Name: src Committed By: christos Date: Mon May 25 23:47:14 UTC 2020
Modified Files: src/external/ibm-public/postfix/dist: makedefs src/external/ibm-public/postfix/dist/html: postconf.5.html src/external/ibm-public/postfix/dist/man/man1: postfix.1 src/external/ibm-public/postfix/dist/man/man5: postconf.5 src/external/ibm-public/postfix/dist/proto: postconf.proto src/external/ibm-public/postfix/dist/src/dns: dns.h dns_lookup.c src/external/ibm-public/postfix/dist/src/global: mail_params.c mail_params.h mail_version.h src/external/ibm-public/postfix/dist/src/milter: milter.c src/external/ibm-public/postfix/dist/src/postfix: postfix.c src/external/ibm-public/postfix/dist/src/smtpd: smtpd_check.c src/external/ibm-public/postfix/dist/src/tls: tls_session.c src/external/ibm-public/postfix/dist/src/tlsproxy: tlsproxy.c src/external/ibm-public/postfix/dist/src/util: midna_domain.c midna_domain.h Log Message: merge conflicts To generate a diff of this commit: cvs rdiff -u -r1.13 -r1.14 src/external/ibm-public/postfix/dist/makedefs cvs rdiff -u -r1.16 -r1.17 \ src/external/ibm-public/postfix/dist/html/postconf.5.html cvs rdiff -u -r1.3 -r1.4 \ src/external/ibm-public/postfix/dist/man/man1/postfix.1 cvs rdiff -u -r1.16 -r1.17 \ src/external/ibm-public/postfix/dist/man/man5/postconf.5 cvs rdiff -u -r1.16 -r1.17 \ src/external/ibm-public/postfix/dist/proto/postconf.proto cvs rdiff -u -r1.3 -r1.4 src/external/ibm-public/postfix/dist/src/dns/dns.h cvs rdiff -u -r1.5 -r1.6 \ src/external/ibm-public/postfix/dist/src/dns/dns_lookup.c cvs rdiff -u -r1.3 -r1.4 \ src/external/ibm-public/postfix/dist/src/global/mail_params.c \ src/external/ibm-public/postfix/dist/src/global/mail_version.h cvs rdiff -u -r1.16 -r1.17 \ src/external/ibm-public/postfix/dist/src/global/mail_params.h cvs rdiff -u -r1.3 -r1.4 \ src/external/ibm-public/postfix/dist/src/milter/milter.c cvs rdiff -u -r1.3 -r1.4 \ src/external/ibm-public/postfix/dist/src/postfix/postfix.c cvs rdiff -u -r1.3 -r1.4 \ src/external/ibm-public/postfix/dist/src/smtpd/smtpd_check.c cvs rdiff -u -r1.2 
-r1.3 \ src/external/ibm-public/postfix/dist/src/tls/tls_session.c cvs rdiff -u -r1.3 -r1.4 \ src/external/ibm-public/postfix/dist/src/tlsproxy/tlsproxy.c cvs rdiff -u -r1.3 -r1.4 \ src/external/ibm-public/postfix/dist/src/util/midna_domain.c \ src/external/ibm-public/postfix/dist/src/util/midna_domain.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/external/ibm-public/postfix/dist/makedefs diff -u src/external/ibm-public/postfix/dist/makedefs:1.13 src/external/ibm-public/postfix/dist/makedefs:1.14 --- src/external/ibm-public/postfix/dist/makedefs:1.13 Wed Mar 18 15:05:13 2020 +++ src/external/ibm-public/postfix/dist/makedefs Mon May 25 19:47:13 2020 @@ -228,6 +228,19 @@ case $# in *) echo usage: $0 [system release] 1>&2; exit 1;; esac +case "$SYSTEM" in + Linux) + case "`PATH=/bin:/usr/bin ldd /bin/sh`" in + *-musl-*) + case "$CCARGS" in + *-DNO_DNSSEC*) ;; + *) echo Warning: libc-musl breaks DANE/TLSA security. 1>&2 + echo This build will not support DANE/TLSA. 1>&2 + CCARGS="$CCARGS -DNO_DNSSEC";; + esac;; + esac;; +esac + case "$SYSTEM.$RELEASE" in SCO_SV.3.2) SYSTYPE=SCO5 # Use the native compiler by default @@ -1136,7 +1149,7 @@ esac : ${CC=gcc} ${OPT='-O'} ${DEBUG='-g'} ${AWK=awk} \ ${WARN='-Wall -Wno-comment -Wformat -Wimplicit -Wmissing-prototypes \ -Wparentheses -Wstrict-prototypes -Wswitch -Wuninitialized \ - -Wunused -Wno-missing-braces'} + -Wunused -Wno-missing-braces -fcommon'} # Extract map type names from -DHAS_XXX compiler options. We avoid # problems with tr(1) range syntax by using enumerations instead, Index: src/external/ibm-public/postfix/dist/html/postconf.5.html diff -u src/external/ibm-public/postfix/dist/html/postconf.5.html:1.16 src/external/ibm-public/postfix/dist/html/postconf.5.html:1.17 --- src/external/ibm-public/postfix/dist/html/postconf.5.html:1.16 Wed Mar 18 15:05:14 2020 +++ src/external/ibm-public/postfix/dist/html/postconf.5.html Mon May 25 19:47:13 2020 
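Review bot: The musl test in the new `case "$SYSTEM"` block inspects the build host's `/bin/sh` through `ldd`, so it says nothing reliable about the libc the resulting binaries link against when cross-compiling or when `/bin/sh` is static or linked differently from the target. In those cases the build would keep DNSSEC enabled on a libc that the warning itself says breaks DANE/TLSA. As far as this hunk shows, the downgrade is reported only as a build-time message on stderr, so an operator who later configures DANE gets no indication from the installed binaries. I would add a comment above the block, e.g. `# Detects musl from the build host's /bin/sh; cross-builds must pass -DNO_DNSSEC in CCARGS explicitly.`, and record the limitation in the build notes.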
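Review bot: `-fcommon` is a code-generation option, but the changed line in the `@@ -1136,7 +1149,7 @@` hunk adds it to the default `WARN` list, so anyone who overrides `WARN` loses it and the link behaviour changes for a reason unrelated to warnings. It also hides duplicate tentative definitions instead of fixing them. A comment marking it as a stop-gap would help, for example `# -fcommon: workaround for compilers that default to -fno-common; remove once duplicate definitions are fixed`.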
@@ -6329,7 +6329,7 @@ whitespace. </p> </DD> <DT><b><a name="maillog_file_rotate_suffix">maillog_file_rotate_suffix</a> -(default: %Y%M%d-%H%M%S)</b></DT><DD> +(default: %Y%m%d-%H%M%S)</b></DT><DD> <p> The format of the suffix to append to $<a href="postconf.5.html#maillog_file">maillog_file</a> while rotating the file with "postfix logrotate". See strftime(3) for syntax. The Index: src/external/ibm-public/postfix/dist/man/man1/postfix.1 diff -u src/external/ibm-public/postfix/dist/man/man1/postfix.1:1.3 src/external/ibm-public/postfix/dist/man/man1/postfix.1:1.4 --- src/external/ibm-public/postfix/dist/man/man1/postfix.1:1.3 Wed Mar 18 15:05:14 2020 +++ src/external/ibm-public/postfix/dist/man/man1/postfix.1 Mon May 25 19:47:13 2020 @@ -1,4 +1,4 @@ -.\" $NetBSD: postfix.1,v 1.3 2020/03/18 19:05:14 christos Exp $ +.\" $NetBSD: postfix.1,v 1.4 2020/05/25 23:47:13 christos Exp $ .\" .TH POSTFIX 1 .ad @@ -254,7 +254,7 @@ The program to run after rotating $maill logrotate". .IP "\fBmaillog_file_prefixes (/var, /dev/stdout)\fR" A list of allowed prefixes for a maillog_file value. -.IP "\fBmaillog_file_rotate_suffix (%Y%M%d\-%H%M%S)\fR" +.IP "\fBmaillog_file_rotate_suffix (%Y%m%d\-%H%M%S)\fR" The format of the suffix to append to $maillog_file while rotating the file with "postfix logrotate". .IP "\fBpostlog_service_name (postlog)\fR" Index: src/external/ibm-public/postfix/dist/man/man5/postconf.5 diff -u src/external/ibm-public/postfix/dist/man/man5/postconf.5:1.16 src/external/ibm-public/postfix/dist/man/man5/postconf.5:1.17 --- src/external/ibm-public/postfix/dist/man/man5/postconf.5:1.16 Wed Mar 18 15:05:14 2020 +++ src/external/ibm-public/postfix/dist/man/man5/postconf.5 Mon May 25 19:47:13 2020 @@ -1,4 +1,4 @@ -.\" $NetBSD: postconf.5,v 1.16 2020/03/18 19:05:14 christos Exp $ +.\" $NetBSD: postconf.5,v 1.17 2020/05/25 23:47:13 christos Exp $ .\" .TH POSTCONF 5 .SH NAME 
@@ -3824,7 +3824,7 @@ mistake. Specify one or more prefix stri whitespace. .PP This feature is available in Postfix 3.4 and later. -.SH maillog_file_rotate_suffix (default: %Y%M%d\-%H%M%S) +.SH maillog_file_rotate_suffix (default: %Y%m%d\-%H%M%S) The format of the suffix to append to $maillog_file while rotating the file with "postfix logrotate". See \fBstrftime\fR(3) for syntax. The default suffix, YYYYMMDD\-HHMMSS, allows logs to be rotated frequently. Index: src/external/ibm-public/postfix/dist/proto/postconf.proto diff -u src/external/ibm-public/postfix/dist/proto/postconf.proto:1.16 src/external/ibm-public/postfix/dist/proto/postconf.proto:1.17 --- src/external/ibm-public/postfix/dist/proto/postconf.proto:1.16 Wed Mar 18 15:05:14 2020 +++ src/external/ibm-public/postfix/dist/proto/postconf.proto Mon May 25 19:47:13 2020 @@ -17651,7 +17651,7 @@ first argument. </p> <p> This feature is available in Postfix 3.4 and later. </p> -%PARAM maillog_file_rotate_suffix %Y%M%d-%H%M%S +%PARAM maillog_file_rotate_suffix %Y%m%d-%H%M%S <p> The format of the suffix to append to $maillog_file while rotating the file with "postfix logrotate". See strftime(3) for syntax. The Index: src/external/ibm-public/postfix/dist/src/dns/dns.h diff -u src/external/ibm-public/postfix/dist/src/dns/dns.h:1.3 src/external/ibm-public/postfix/dist/src/dns/dns.h:1.4 --- src/external/ibm-public/postfix/dist/src/dns/dns.h:1.3 Wed Mar 18 15:05:15 2020 +++ src/external/ibm-public/postfix/dist/src/dns/dns.h Mon May 25 19:47:13 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: dns.h,v 1.3 2020/03/18 19:05:15 christos Exp $ */ +/* $NetBSD: dns.h,v 1.4 2020/05/25 23:47:13 christos Exp $ */ #ifndef _DNS_H_INCLUDED_ #define _DNS_H_INCLUDED_ @@ -61,6 +61,7 @@ */ #ifdef NO_DNSSEC #undef RES_USE_DNSSEC +#undef RES_TRUSTAD #endif /* 
@@ -72,6 +73,9 @@ #ifndef RES_USE_EDNS0 #define RES_USE_EDNS0 0 #endif +#ifndef RES_TRUSTAD +#define RES_TRUSTAD 0 +#endif /*- * TLSA: https://tools.ietf.org/html/rfc6698#section-7.1 Index: src/external/ibm-public/postfix/dist/src/dns/dns_lookup.c diff -u src/external/ibm-public/postfix/dist/src/dns/dns_lookup.c:1.5 src/external/ibm-public/postfix/dist/src/dns/dns_lookup.c:1.6 --- src/external/ibm-public/postfix/dist/src/dns/dns_lookup.c:1.5 Wed Mar 18 15:05:15 2020 +++ src/external/ibm-public/postfix/dist/src/dns/dns_lookup.c Mon May 25 19:47:13 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: dns_lookup.c,v 1.5 2020/03/18 19:05:15 christos Exp $ */ +/* $NetBSD: dns_lookup.c,v 1.6 2020/05/25 23:47:13 christos Exp $ */ /*++ /* NAME @@ -118,6 +118,9 @@ /* Request DNSSEC validation. This flag is silently ignored /* when the system stub resolver API, resolver(3), does not /* implement DNSSEC. +/* Automatically turns on the RES_TRUSTAD flag on systems that +/* support this flag (this behavior will be more configurable +/* in a later release). /* .RE /* .IP lflags /* Flags that control the operation of the dns_lookup*() @@ -487,10 +490,10 @@ static int dns_query(const char *name, i /* * Set extra options that aren't exposed to the application. */ -#define XTRA_FLAGS (RES_USE_EDNS0) +#define XTRA_FLAGS (RES_USE_EDNS0 | RES_TRUSTAD) if (flags & RES_USE_DNSSEC) - flags |= RES_USE_EDNS0; + flags |= (RES_USE_EDNS0 | RES_TRUSTAD); /* * Can't append domains: we need the right SOA TTL. Index: src/external/ibm-public/postfix/dist/src/global/mail_params.c diff -u src/external/ibm-public/postfix/dist/src/global/mail_params.c:1.3 src/external/ibm-public/postfix/dist/src/global/mail_params.c:1.4 --- src/external/ibm-public/postfix/dist/src/global/mail_params.c:1.3 Wed Mar 18 15:05:16 2020 +++ src/external/ibm-public/postfix/dist/src/global/mail_params.c Mon May 25 19:47:14 2020 
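Review bot: In `dns_query` the new `flags |= (RES_USE_EDNS0 | RES_TRUSTAD)` makes the resolver's AD bit trusted whenever DNSSEC is requested, and nothing next to the change records the assumption that makes this safe. The AD bit is only as trustworthy as the path to the recursive resolver, so that resolver has to validate DNSSEC and be reached over loopback or an otherwise protected link. A comment beside the assignment would document this, e.g. `/* RES_TRUSTAD: only meaningful when the configured resolver validates DNSSEC and the path to it is trusted. */`. Where dns.h falls back to `#define RES_TRUSTAD 0` (`@@ -72,6 +73,9 @@`) the flag is a silent no-op, which the same comment could mention. The function body continues outside the hunk.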
@@ -1,4 +1,4 @@ -/* $NetBSD: mail_params.c,v 1.3 2020/03/18 19:05:16 christos Exp $ */ +/* $NetBSD: mail_params.c,v 1.4 2020/05/25 23:47:14 christos Exp $ */ /*++ /* NAME @@ -873,6 +873,8 @@ void mail_params_init() var_smtputf8_enable = 0; #else midna_domain_transitional = var_idna2003_compat; + if (var_smtputf8_enable) + midna_domain_pre_chroot(); #endif util_utf8_enable = var_smtputf8_enable; Index: src/external/ibm-public/postfix/dist/src/global/mail_version.h diff -u src/external/ibm-public/postfix/dist/src/global/mail_version.h:1.3 src/external/ibm-public/postfix/dist/src/global/mail_version.h:1.4 --- src/external/ibm-public/postfix/dist/src/global/mail_version.h:1.3 Wed Mar 18 15:05:16 2020 +++ src/external/ibm-public/postfix/dist/src/global/mail_version.h Mon May 25 19:47:14 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: mail_version.h,v 1.3 2020/03/18 19:05:16 christos Exp $ */ +/* $NetBSD: mail_version.h,v 1.4 2020/05/25 23:47:14 christos Exp $ */ #ifndef _MAIL_VERSION_H_INCLUDED_ #define _MAIL_VERSION_H_INCLUDED_ @@ -22,8 +22,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20200316" -#define MAIL_VERSION_NUMBER "3.5.0" +#define MAIL_RELEASE_DATE "20200516" +#define MAIL_VERSION_NUMBER "3.5.2" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE Index: src/external/ibm-public/postfix/dist/src/global/mail_params.h diff -u src/external/ibm-public/postfix/dist/src/global/mail_params.h:1.16 src/external/ibm-public/postfix/dist/src/global/mail_params.h:1.17 --- src/external/ibm-public/postfix/dist/src/global/mail_params.h:1.16 Wed Mar 18 15:05:16 2020 +++ src/external/ibm-public/postfix/dist/src/global/mail_params.h Mon May 25 19:47:14 2020 
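Review bot: The added `midna_domain_pre_chroot()` call in `mail_params_init` has no comment saying why it must run at this point, and it runs in every program that reaches this code with SMTPUTF8 enabled, not only in daemons that later chroot. A one-line comment such as `/* Initialize the ICU IDNA code while files outside a future chroot jail are still reachable. */` would document the ordering requirement; that reading is inferred from the function name and the midna_domain.c change, so please confirm it. The callee returns void and, judging by that change, only warns on failure, so a failed initialization is not visible to this caller. `mail_params_init` starts and ends outside the hunk.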
@@ -1,4 +1,4 @@ -/* $NetBSD: mail_params.h,v 1.16 2020/03/18 19:05:16 christos Exp $ */ +/* $NetBSD: mail_params.h,v 1.17 2020/05/25 23:47:14 christos Exp $ */ #ifndef _MAIL_PARAMS_H_INCLUDED_ #define _MAIL_PARAMS_H_INCLUDED_ @@ -4183,7 +4183,7 @@ extern char *var_maillog_file_pfxs; extern char *var_maillog_file_comp; #define VAR_MAILLOG_FILE_STAMP "maillog_file_rotate_suffix" -#define DEF_MAILLOG_FILE_STAMP "%Y%M%d-%H%M%S" +#define DEF_MAILLOG_FILE_STAMP "%Y%m%d-%H%M%S" extern char *var_maillog_file_stamp; #define VAR_POSTLOG_SERVICE "postlog_service_name" Index: src/external/ibm-public/postfix/dist/src/milter/milter.c diff -u src/external/ibm-public/postfix/dist/src/milter/milter.c:1.3 src/external/ibm-public/postfix/dist/src/milter/milter.c:1.4 --- src/external/ibm-public/postfix/dist/src/milter/milter.c:1.3 Wed Mar 18 15:05:17 2020 +++ src/external/ibm-public/postfix/dist/src/milter/milter.c Mon May 25 19:47:14 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: milter.c,v 1.3 2020/03/18 19:05:17 christos Exp $ */ +/* $NetBSD: milter.c,v 1.4 2020/05/25 23:47:14 christos Exp $ */ /*++ /* NAME 
@@ -622,14 +622,14 @@ void milter_disc_event(MILTERS *milte * names by skipping the redundant "milter_" prefix. */ static ATTR_OVER_TIME time_table[] = { - 7 + VAR_MILT_CONN_TIME, DEF_MILT_CONN_TIME, 0, 1, 0, - 7 + VAR_MILT_CMD_TIME, DEF_MILT_CMD_TIME, 0, 1, 0, - 7 + VAR_MILT_MSG_TIME, DEF_MILT_MSG_TIME, 0, 1, 0, + 7 + (const char *) VAR_MILT_CONN_TIME, DEF_MILT_CONN_TIME, 0, 1, 0, + 7 + (const char *) VAR_MILT_CMD_TIME, DEF_MILT_CMD_TIME, 0, 1, 0, + 7 + (const char *) VAR_MILT_MSG_TIME, DEF_MILT_MSG_TIME, 0, 1, 0, 0, }; static ATTR_OVER_STR str_table[] = { - 7 + VAR_MILT_PROTOCOL, 0, 1, 0, - 7 + VAR_MILT_DEF_ACTION, 0, 1, 0, + 7 + (const char *) VAR_MILT_PROTOCOL, 0, 1, 0, + 7 + (const char *) VAR_MILT_DEF_ACTION, 0, 1, 0, 0, }; Index: src/external/ibm-public/postfix/dist/src/postfix/postfix.c diff -u src/external/ibm-public/postfix/dist/src/postfix/postfix.c:1.3 src/external/ibm-public/postfix/dist/src/postfix/postfix.c:1.4 --- src/external/ibm-public/postfix/dist/src/postfix/postfix.c:1.3 Wed Mar 18 15:05:18 2020 +++ src/external/ibm-public/postfix/dist/src/postfix/postfix.c Mon May 25 19:47:14 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: postfix.c,v 1.3 2020/03/18 19:05:18 christos Exp $ */ +/* $NetBSD: postfix.c,v 1.4 2020/05/25 23:47:14 christos Exp $ */ /*++ /* NAME 
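Review bot: The prefix offsets in `time_table` and `str_table` are bare literals (`7 + (const char *) VAR_MILT_CONN_TIME`), so a renamed parameter or a miscounted prefix would silently point into the wrong part of the string or past its end. Deriving the offset from the prefix keeps it tied to the comment above the tables: `#define MILT_PFX_LEN (sizeof("milter_") - 1)` and then `MILT_PFX_LEN + (const char *) VAR_MILT_CONN_TIME`. The same applies to the `21 +` entries in smtpd_check.c (`@@ -488,20 +488,20 @@`) with the "smtpd_policy_service_" prefix.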
@@ -244,7 +244,7 @@ /* logrotate". /* .IP "\fBmaillog_file_prefixes (/var, /dev/stdout)\fR" /* A list of allowed prefixes for a maillog_file value. -/* .IP "\fBmaillog_file_rotate_suffix (%Y%M%d-%H%M%S)\fR" +/* .IP "\fBmaillog_file_rotate_suffix (%Y%m%d-%H%M%S)\fR" /* The format of the suffix to append to $maillog_file while rotating /* the file with "postfix logrotate". /* .IP "\fBpostlog_service_name (postlog)\fR" Index: src/external/ibm-public/postfix/dist/src/smtpd/smtpd_check.c diff -u src/external/ibm-public/postfix/dist/src/smtpd/smtpd_check.c:1.3 src/external/ibm-public/postfix/dist/src/smtpd/smtpd_check.c:1.4 --- src/external/ibm-public/postfix/dist/src/smtpd/smtpd_check.c:1.3 Wed Mar 18 15:05:20 2020 +++ src/external/ibm-public/postfix/dist/src/smtpd/smtpd_check.c Mon May 25 19:47:14 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: smtpd_check.c,v 1.3 2020/03/18 19:05:20 christos Exp $ */ +/* $NetBSD: smtpd_check.c,v 1.4 2020/05/25 23:47:14 christos Exp $ */ /*++ /* NAME 
@@ -488,20 +488,20 @@ typedef struct { * parameter names by skipping the redundant "smtpd_policy_service_" prefix. */ static ATTR_OVER_TIME time_table[] = { - 21 + VAR_SMTPD_POLICY_TMOUT, DEF_SMTPD_POLICY_TMOUT, 0, 1, 0, - 21 + VAR_SMTPD_POLICY_IDLE, DEF_SMTPD_POLICY_IDLE, 0, 1, 0, - 21 + VAR_SMTPD_POLICY_TTL, DEF_SMTPD_POLICY_TTL, 0, 1, 0, - 21 + VAR_SMTPD_POLICY_TRY_DELAY, DEF_SMTPD_POLICY_TRY_DELAY, 0, 1, 0, + 21 + (const char *) VAR_SMTPD_POLICY_TMOUT, DEF_SMTPD_POLICY_TMOUT, 0, 1, 0, + 21 + (const char *) VAR_SMTPD_POLICY_IDLE, DEF_SMTPD_POLICY_IDLE, 0, 1, 0, + 21 + (const char *) VAR_SMTPD_POLICY_TTL, DEF_SMTPD_POLICY_TTL, 0, 1, 0, + 21 + (const char *) VAR_SMTPD_POLICY_TRY_DELAY, DEF_SMTPD_POLICY_TRY_DELAY, 0, 1, 0, 0, }; static ATTR_OVER_INT int_table[] = { - 21 + VAR_SMTPD_POLICY_REQ_LIMIT, 0, 0, 0, - 21 + VAR_SMTPD_POLICY_TRY_LIMIT, 0, 1, 0, + 21 + (const char *) VAR_SMTPD_POLICY_REQ_LIMIT, 0, 0, 0, + 21 + (const char *) VAR_SMTPD_POLICY_TRY_LIMIT, 0, 1, 0, 0, }; static ATTR_OVER_STR str_table[] = { - 21 + VAR_SMTPD_POLICY_DEF_ACTION, 0, 1, 0, - 21 + VAR_SMTPD_POLICY_CONTEXT, 0, 1, 0, + 21 + (const char *) VAR_SMTPD_POLICY_DEF_ACTION, 0, 1, 0, + 21 + (const char *) VAR_SMTPD_POLICY_CONTEXT, 0, 1, 0, 0, }; Index: src/external/ibm-public/postfix/dist/src/tls/tls_session.c diff -u src/external/ibm-public/postfix/dist/src/tls/tls_session.c:1.2 src/external/ibm-public/postfix/dist/src/tls/tls_session.c:1.3 --- src/external/ibm-public/postfix/dist/src/tls/tls_session.c:1.2 Wed Mar 18 15:05:21 2020 +++ src/external/ibm-public/postfix/dist/src/tls/tls_session.c Mon May 25 19:47:14 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: tls_session.c,v 1.2 2020/03/18 19:05:21 christos Exp $ */ +/* $NetBSD: tls_session.c,v 1.3 2020/05/25 23:47:14 christos Exp $ */ /*++ /* NAME 
@@ -120,7 +120,7 @@ void tls_session_stop(TLS_APPL_STATE * so we will not perform SSL_shutdown() and the session will be removed * as being bad. */ - if (!failure) { + if (!failure && !SSL_in_init(TLScontext->con)) { retval = tls_bio_shutdown(vstream_fileno(stream), timeout, TLScontext); if (!var_tls_fast_shutdown && retval == 0) tls_bio_shutdown(vstream_fileno(stream), timeout, TLScontext); Index: src/external/ibm-public/postfix/dist/src/tlsproxy/tlsproxy.c diff -u src/external/ibm-public/postfix/dist/src/tlsproxy/tlsproxy.c:1.3 src/external/ibm-public/postfix/dist/src/tlsproxy/tlsproxy.c:1.4 --- src/external/ibm-public/postfix/dist/src/tlsproxy/tlsproxy.c:1.3 Wed Mar 18 15:05:21 2020 +++ src/external/ibm-public/postfix/dist/src/tlsproxy/tlsproxy.c Mon May 25 19:47:14 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: tlsproxy.c,v 1.3 2020/03/18 19:05:21 christos Exp $ */ +/* $NetBSD: tlsproxy.c,v 1.4 2020/05/25 23:47:14 christos Exp $ */ /*++ /* NAME @@ -783,6 +783,7 @@ static void tlsp_strategy(TLSP_STATE *st */ if (state->flags & TLSP_FLAG_DO_HANDSHAKE) { state->timeout = state->handshake_timeout; + ERR_clear_error(); if (state->is_server_role) ssl_stat = SSL_accept(tls_context->con); else @@ -811,6 +812,7 @@ static void tlsp_strategy(TLSP_STATE *st if (NBBIO_ERROR_FLAGS(plaintext_buf)) { if (NBBIO_ACTIVE_FLAGS(plaintext_buf)) nbbio_disable_readwrite(state->plaintext_buf); + ERR_clear_error(); if (!SSL_in_init(tls_context->con) && (ssl_stat = SSL_shutdown(tls_context->con)) < 0) { handshake_err = SSL_get_error(tls_context->con, ssl_stat); @@ -840,6 +842,7 @@ static void tlsp_strategy(TLSP_STATE *st */ ssl_write_err = SSL_ERROR_NONE; while (NBBIO_READ_PEND(plaintext_buf) > 0) { + ERR_clear_error(); ssl_stat = SSL_write(tls_context->con, NBBIO_READ_BUF(plaintext_buf), NBBIO_READ_PEND(plaintext_buf)); ssl_write_err = SSL_get_error(tls_context->con, ssl_stat); 
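Review bot: The comment above the changed `if` in `tls_session_stop` still explains only the `failure` case, while the new `!SSL_in_init(TLScontext->con)` test adds a second reason to skip the shutdown. I would extend the comment with something like `/* Also skip SSL_shutdown() while the handshake is unfinished: there is no established session to close. */`. It is also worth confirming that a connection abandoned mid-handshake still has its session discarded the same way as on the `failure` path, since that code is outside the hunk.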
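Review bot: The `ERR_clear_error()` calls added before `SSL_accept`/`SSL_connect` here, and before `SSL_shutdown`, `SSL_write` and `SSL_read` in the hunks at `-811`, `-840` and `-872`, carry no comment, so the reason they must directly precede each I/O call is easy to lose in a later edit. `SSL_get_error()` gives a reliable answer only when the thread's OpenSSL error queue was empty before the call it reports on; a stale entry can turn a retryable condition into a reported failure. A short comment at the first call, `/* SSL_get_error() requires an empty error queue before each SSL I/O call. */`, or a small static wrapper that clears the queue and then performs the call, would keep the pairing intact. `tlsp_strategy` starts and ends outside these hunks.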
@@ -872,6 +875,7 @@ static void tlsp_strategy(TLSP_STATE *st */ ssl_read_err = SSL_ERROR_NONE; while (NBBIO_WRITE_PEND(state->plaintext_buf) < NBBIO_BUFSIZE(plaintext_buf)) { + ERR_clear_error(); ssl_stat = SSL_read(tls_context->con, NBBIO_WRITE_BUF(plaintext_buf) + NBBIO_WRITE_PEND(state->plaintext_buf), @@ -1495,16 +1499,15 @@ static void tlsp_service(VSTREAM *plaint TLSP_INIT_TIMEOUT, (void *) state); } -/* pre_jail_init - pre-jail initialization */ +/* pre_jail_init_server - pre-jail initialization */ -static void pre_jail_init(char *unused_name, char **unused_argv) +static void pre_jail_init_server(void) { TLS_SERVER_INIT_PROPS props; const char *cert_file; int have_server_cert; int no_server_cert_ok; int require_server_cert; - int clnt_use_tls; /* * The code in this routine is pasted literally from smtpd(8). I am not @@ -1537,7 +1540,7 @@ static void pre_jail_init(char *unused_n } var_tlsp_use_tls = var_tlsp_use_tls || var_tlsp_enforce_tls; if (!var_tlsp_use_tls) { - msg_warn("TLS service is requested, but disabled with %s or %s", + msg_warn("TLS server role is disabled with %s or %s", VAR_TLSP_TLS_LEVEL, VAR_TLSP_USE_TLS); return; } @@ -1628,6 +1631,13 @@ static void pre_jail_init(char *unused_n SSL_CTX_set_mode(tlsp_server_ctx->ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); +} + +/* pre_jail_init_client - pre-jail initialization */ + +static void pre_jail_init_client(void) +{ + int clnt_use_tls; /* * The cache with TLS_APPL_STATE instances for different TLS_CLIENT_INIT 
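Review bot: The header comments of the two new functions repeat the original text (`/* pre_jail_init_server - pre-jail initialization */`, and the same wording for `pre_jail_init_client` in the hunk at `-1628`), so they do not say which TLS role each one sets up. I would write `/* pre_jail_init_server - pre-jail initialization of the TLS server role */` and the matching line for the client. The early `return` after the "TLS server role is disabled" warning deserves a one-line comment stating that only server setup is skipped and the client role is still initialized by the caller. The function bodies span several hunks and are only partly visible.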
@@ -1739,6 +1749,18 @@ static void pre_jail_init(char *unused_n msg_warn("TLS client initialization failed"); } } +} + +/* pre_jail_init - pre-jail initialization */ + +static void pre_jail_init(char *unused_name, char **unused_argv) +{ + + /* + * Initialize roles separately. + */ + pre_jail_init_server(); + pre_jail_init_client(); /* * tlsp_client_init() needs to know if it is called pre-jail or Index: src/external/ibm-public/postfix/dist/src/util/midna_domain.c diff -u src/external/ibm-public/postfix/dist/src/util/midna_domain.c:1.3 src/external/ibm-public/postfix/dist/src/util/midna_domain.c:1.4 --- src/external/ibm-public/postfix/dist/src/util/midna_domain.c:1.3 Wed Mar 18 15:05:21 2020 +++ src/external/ibm-public/postfix/dist/src/util/midna_domain.c Mon May 25 19:47:14 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: midna_domain.c,v 1.3 2020/03/18 19:05:21 christos Exp $ */ +/* $NetBSD: midna_domain.c,v 1.4 2020/05/25 23:47:14 christos Exp $ */ /*++ /* NAME @@ -22,6 +22,8 @@ /* /* const char *midna_domain_suffix_to_utf8( /* const char *name) +/* AUXILIARY FUNCTIONS +/* void midna_domain_pre_chroot(void) /* DESCRIPTION /* The functions in this module transform domain names from/to /* ASCII and UTF-8 form. The result is cached to avoid repeated @@ -54,6 +56,8 @@ /* /* midna_domain_transitional enables transitional conversion /* between UTF8 and ASCII labels. +/* +/* midna_domain_pre_chroot() does some pre-chroot initialization. /* SEE ALSO /* http://unicode.org/reports/tr46/ Unicode IDNA Compatibility processing /* msg(3) diagnostics interface 
@@ -146,6 +150,22 @@ static const char *midna_domain_strerror } } +/* midna_domain_pre_chroot - pre-chroot initialization */ + +void midna_domain_pre_chroot(void) +{ + UErrorCode error = U_ZERO_ERROR; + UIDNAInfo info = UIDNA_INFO_INITIALIZER; + UIDNA *idna; + + idna = uidna_openUTS46(midna_domain_transitional ? UIDNA_DEFAULT + : UIDNA_NONTRANSITIONAL_TO_ASCII, &error); + if (U_FAILURE(error)) + msg_warn("ICU library initialization failed: %s", + midna_domain_strerror(error, info.errors)); + uidna_close(idna); +} + /* midna_domain_to_ascii_create - convert domain to ASCII */ static void *midna_domain_to_ascii_create(const char *name, void *unused_context) @@ -329,6 +349,7 @@ const char *midna_domain_suffix_to_utf8( /* * Test program - reads names from stdin, reports invalid names to stderr. */ +#include <unistd.h> #include <stdlib.h> #include <locale.h> @@ -352,6 +373,11 @@ int main(int argc, char **argv) /* msg_verbose = 1; */ util_utf8_enable = 1; + if (geteuid() == 0) { + midna_domain_pre_chroot(); + if (chroot(".") != 0) + msg_fatal("chroot(\".\"): %m"); + } while (vstring_fgets_nonl(buffer, VSTREAM_IN)) { bp = STR(buffer); msg_info("> %s", bp); Index: src/external/ibm-public/postfix/dist/src/util/midna_domain.h diff -u src/external/ibm-public/postfix/dist/src/util/midna_domain.h:1.3 src/external/ibm-public/postfix/dist/src/util/midna_domain.h:1.4 --- src/external/ibm-public/postfix/dist/src/util/midna_domain.h:1.3 Wed Mar 18 15:05:21 2020 +++ src/external/ibm-public/postfix/dist/src/util/midna_domain.h Mon May 25 19:47:14 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: midna_domain.h,v 1.3 2020/03/18 19:05:21 christos Exp $ */ +/* $NetBSD: midna_domain.h,v 1.4 2020/05/25 23:47:14 christos Exp $ */ #ifndef _MIDNA_H_INCLUDED_ #define _MIDNA_H_INCLUDED_ 
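Review bot: In `midna_domain_pre_chroot` the `info` variable is initialized and never passed to any ICU call, so `info.errors` in the warning is always the initializer's value and adds nothing to the message; passing `0` and dropping `info` would be clearer. `uidna_close(idna)` also runs on the failure path, where `idna` is whatever `uidna_openUTS46` returned on error; guarding it as `if (idna != 0) uidna_close(idna);` avoids depending on the library tolerating that value. Because failure is only a warning and the function returns void, callers cannot tell that later conversions inside the jail may fail, which is worth stating in the function's header comment.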
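Review bot: The test `main` in the `@@ -352,6 +373,11 @@` hunk takes the chroot path only when `geteuid() == 0`, so a run as an ordinary user silently skips the scenario this change exists to exercise and still looks like a pass. Logging the skip, e.g. `else msg_info("not root: skipping chroot test");`, makes that visible. When it does run as root it remains root after `chroot(".")` while reading names from stdin, which is acceptable for a test harness but merits a comment so the pattern is not copied as a containment measure.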
@@ -20,6 +20,7 @@ extern const char *midna_domain_to_ascii extern const char *midna_domain_to_utf8(const char *); extern const char *midna_domain_suffix_to_ascii(const char *); extern const char *midna_domain_suffix_to_utf8(const char *); +extern void midna_domain_pre_chroot(void); extern int midna_domain_cache_size; extern int midna_domain_transitional;