From 011bcfe882303bfa492767a60d6278c8e292d58a Mon Sep 17 00:00:00 2001
From: Wietse Venema The Postfix policy delegation protocol is really simple. The
-client request is a sequence of name=value attributes separated by
-newline, and is terminated by an empty line. The server reply is
-one name=value attribute and it, too, is terminated by an empty
-line. The Postfix policy delegation protocol is really simple. The client
+sends a request and the server sends a response. Unless there was an
+error, the server must not close the connection, so that the same
+connection can be used multiple times. The client request is a sequence of name=value attributes separated
+by newline, and is terminated by an empty line. The server reply is one
+name=value attribute and it, too, is terminated by an empty line. Here is an example of all the attributes that the Postfix SMTP
server sends in a delegated SMTPD access policy request: Protocol description
-
The Postfix policy delegation protocol is really simple. The -client request is a sequence of name=value attributes separated by -newline, and is terminated by an empty line. The server reply is -one name=value attribute and it, too, is terminated by an empty -line.
+The Postfix policy delegation protocol is really simple. The client +sends a request and the server sends a response. Unless there was an +error, the server must not close the connection, so that the same +connection can be used multiple times.
+ +The client request is a sequence of name=value attributes separated +by newline, and is terminated by an empty line. The server reply is one +name=value attribute and it, too, is terminated by an empty line.
Here is an example of all the attributes that the Postfix SMTP server sends in a delegated SMTPD access policy request:
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index d68334e54..b4f0bad19 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
 * Patches change both the patchlevel and the release date. Snapshots have no
 * patchlevel; they change the release date only.
 */
-#define MAIL_RELEASE_DATE "20180404"
+#define MAIL_RELEASE_DATE "20180422"
 #define MAIL_VERSION_NUMBER "3.4"
 #ifdef SNAPSHOT
diff --git a/postfix/src/tls/tls_proxy_clnt.c b/postfix/src/tls/tls_proxy_clnt.c
index ea10fbda4..97d096264 100644
--- a/postfix/src/tls/tls_proxy_clnt.c
+++ b/postfix/src/tls/tls_proxy_clnt.c
@@ -235,6 +235,8 @@ void tls_proxy_context_free(TLS_SESS_STATE *tls_context)
 myfree(tls_context->issuer_CN);
 if (tls_context->peer_cert_fprint)
 myfree(tls_context->peer_cert_fprint);
+ if (tls_context->peer_pkey_fprint)
+ myfree(tls_context->peer_pkey_fprint);
 if (tls_context->protocol)
 myfree((void *) tls_context->protocol);
 if (tls_context->cipher_name)
diff --git a/postfix/src/tlsproxy/tlsproxy.c b/postfix/src/tlsproxy/tlsproxy.c
index 808689c24..2c855ffcc 100644
--- a/postfix/src/tlsproxy/tlsproxy.c
+++ b/postfix/src/tlsproxy/tlsproxy.c
@@ -663,7 +663,7 @@ static void tlsp_ciphertext_event(int event, void *context)
 /* tlsp_start_tls - turn on TLS or force disconnect */
-static void tlsp_start_tls(TLSP_STATE *state)
+static int tlsp_start_tls(TLSP_STATE *state)
 {
 TLS_SERVER_START_PROPS props;
 static char *cipher_grade;
@@ -716,7 +716,7 @@ static void tlsp_start_tls(TLSP_STATE *state)
 if (state->tls_context == 0) {
 tlsp_state_free(state);
- return;
+ return (-1);
 }
 /*
@@ -729,6 +729,7 @@ static void tlsp_start_tls(TLSP_STATE *state)
 * XXX Do we care about certificate verification results? Not as long as
 * postscreen(8) doesn't actually receive email.
 */
+ return (0);
 }
 /* tlsp_get_fd_event - receive final postscreen(8) hand-off information */
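Review bot: The header comment in the @@ -663 hunk of tlsproxy.c still reads `/* tlsp_start_tls - turn on TLS or force disconnect */` and says nothing about the new int result. On the -1 path in the @@ -716 hunk the function has already called tlsp_state_free(state), so the caller must not touch state again; the `if (tlsp_start_tls(state) < 0) return;` check in the @@ -776 hunk depends on exactly that. I would put the contract in the comment, e.g. `/* tlsp_start_tls - turn on TLS or force disconnect; returns -1 after state has been freed, 0 otherwise */`. Only one call site is visible in this patch, and since void became int any other caller that ignores the result would still compile, so it is worth confirming there are none. Most of the body of tlsp_start_tls lies outside these hunks.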
@@ -776,7 +777,8 @@ static void tlsp_get_fd_event(int event, void *context)
 * Perform the TLS layer before-handshake initialization. We perform the
 * remainder after the TLS handshake completes.
 */
- tlsp_start_tls(state);
+ if (tlsp_start_tls(state) < 0)
+ return;
 /*
 * Trigger the initial proxy server I/Os.
diff --git a/postfix/src/util/killme_after.c b/postfix/src/util/killme_after.c
index 1ce06d675..886b043f1 100644
--- a/postfix/src/util/killme_after.c
+++ b/postfix/src/util/killme_after.c
@@ -46,11 +46,17 @@ void killme_after(unsigned int seconds)
 * Schedule an ALARM signal, and make sure the signal will be delivered
 * even if we are being called from a signal handler and SIGALRM delivery
 * is blocked.
+ *
+ * Undocumented: when running in "init" mode on Linux, the signal won't be
+ * delivered unless the process specifies a handler. Conveniently,
+ * _exit() can be used directly as a signal handler. This changes the
+ * wait status that a parent would see, but in the case of "init" mode on
+ * Linux, no-one would care.
 */
 alarm(0);
 sigemptyset(&sig_action.sa_mask);
 sig_action.sa_flags = 0;
- sig_action.sa_handler = SIG_DFL;
+ sig_action.sa_handler = (getpid() == 1 ? _exit : SIG_DFL);
 sigaction(SIGALRM, &sig_action, (struct sigaction *) 0);
 alarm(seconds);
 sigaddset(&sig_action.sa_mask, SIGALRM);
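Review bot: Installing `_exit` directly as the handler in `sig_action.sa_handler = (getpid() == 1 ? _exit : SIG_DFL);` in killme_after.c makes the process exit with the signal number as its exit status, which the added comment only describes as a changed wait status. Whatever supervises PID 1 (a container runtime, for instance) will then see an ordinary exit with that code rather than a death by SIGALRM, so I would add a line to the comment such as `* The exit status is then the SIGALRM signal number, not a signal death.` The result of sigaction() on the following context line is not checked, so a failure to install the handler would go unnoticed in the PID 1 case this change targets; that predates the commit. killme_after() begins and ends outside the hunk.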