postfix-3.5-20190922

2025-08-22 09:57:34 +00:00 · 2019-09-22 00:00:00 -05:00 · 2019-09-22 00:00:00 -05:00 · 142d2a788f
commit 142d2a788f
parent b0a41c6c21
8 changed files with 47 additions and 43 deletions
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@ -24190,12 +24190,12 @@ Apologies for any names omitted.
 	TLS library overhaul. By intrigeri. File: tls/tls_dane.c.

 	Bugfix (introduced: Postfix-1.0.1): null pointer read, while
-	logging a warning after a corrupted bounce log file. File:
-	global/bounce_log.c.
+	logging a warning after reading a corrupted bounce log file.
+	File: global/bounce_log.c.

 	Bugfix (introduced: Postfix-2.9.0): null pointer read, while
 	logging a warning after a postscreen_command_filter read
-	error. File: postscreen/postscreen_smtpd.c. global/bounce_log.c
+	error. File: postscreen/postscreen_smtpd.c.

 20190312

@ -24372,9 +24372,9 @@ Apologies for any names omitted.
 	hides application performance bugs, and because that still
 	suffers from server-side delayed ACKs. Instead, Postfix
 	avoids sending "small" writes back-to-back, by choosing a
-	VSTREAM buffer size that is a multiple of the reported
-	MSS. This workaround bumps the multiplier from 2x to 4x.
-	File: util/vstream_tweak.c.
+	VSTREAM buffer size that is a multiple of the reported MSS.
+	This workaround bumps the multiplier from 2x to 4x. File:
+	util/vstream_tweak.c.

 20190825

@ -24382,7 +24382,7 @@ Apologies for any names omitted.
 	segfault (null pointer read) or cause an SMTP server assertion
 	to fail when talking to a fake Dovecot server. The client
 	now logs a proper error instead. Problem reported by Tim
-	Düsterhus.  File: xsasl/xsasl_dovecot_server.c.
+	Düsterhus. File: xsasl/xsasl_dovecot_server.c.

 20190908

@ -24398,8 +24398,16 @@ Apologies for any names omitted.
 	log with error messages (see below for a specific case).
 	Problem reported by Andreas Schulze. File: tlsproxy/tlsproxy.c.

-	Bitrot: don't invoke SSL_shutdown() when the SSL engine thinks
-	that it is processing a TLS handshake. With the change at
-	https://github.com/openssl/openssl/commit/64193c8218540499984cd63cda41f3cd491f3f59,
-	the error status was changed, incompatibly, from SSL_ERROR_NONE
+	Bitrot: don't invoke SSL_shutdown() when the SSL engine
+	thinks it is processing a TLS handshake. The commit at
+	https://github.com/openssl/openssl/commit/64193c8218540499984cd63cda41f3cd491f3f59
+	changed the error status, incompatibly, from SSL_ERROR_NONE
 	into SSL_ERROR_SSL. File: tlsproxy/tlsproxxy.c.
+
+20190918
+
+	Cleanup: the nbbio(3) library now accepts a sequence of
+	nbbio_enable_read() calls or a sequence of nbbio_enable_write()
+	calls. This allows tlsproxy(8) to reset an I/O timer after
+	each event without having to make an nbbio_disable_readwrite()
+	call. Files: util/nbbio.c, tlsproxy/tlsproxy.c.
--- a/postfix/WISHLIST
+++ b/postfix/WISHLIST
@ -1,14 +1,6 @@
 Wish list:

-	NBBIO timers can go off when a single nbbio_enable_xxx()
-	call is followed by a continuous sequence of events. This
-	has not been a problem in tlsproxy because the plaintext
-	stream moves data faster than the ciphertext stream, so
-	that plaintext events will happen in bursts instead of a
-	long continuous sequence. Fix: allow calling nbbio_enable_xxx()
-	when events of type 'xxx' are already enabled. Then
-	nbbio_enable_xxx() can skip the event_enable_xxx() call
-	before calling event_request_timer().
+	nbbio: exercise the sanity checks with fake msg(3) functions.

 	transport policy protocol (clone of check_policy).

--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@ -18833,7 +18833,7 @@ is then further encoded to yield a single-line base64 string.
 Creation of such tables and secure storage (the value includes
 private key material) are outside the responsibility of Postfix.  </p>

-<p> With "socketmap" and "tcp" the data is be transmitted in the clear, and
+<p> With "socketmap" and "tcp" the data will be transmitted in the clear, and
 there is no query access control, so these are generally unsuitable for storing
 SNI chains.  With LDAP and SQL, you should restrict read access and use TLS to
 protect the sensitive data in transit.  </p>
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@ -13166,7 +13166,7 @@ is then further encoded to yield a single\-line base64 string.
 Creation of such tables and secure storage (the value includes
 private key material) are outside the responsibility of Postfix.
 .PP
-With "socketmap" and "tcp" the data is be transmitted in the clear, and
+With "socketmap" and "tcp" the data will be transmitted in the clear, and
 there is no query access control, so these are generally unsuitable for storing
 SNI chains.  With LDAP and SQL, you should restrict read access and use TLS to
 protect the sensitive data in transit.
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@ -17535,7 +17535,7 @@ is then further encoded to yield a single-line base64 string.
 Creation of such tables and secure storage (the value includes
 private key material) are outside the responsibility of Postfix.  </p>

-<p> With "socketmap" and "tcp" the data is be transmitted in the clear, and
+<p> With "socketmap" and "tcp" the data will be transmitted in the clear, and
 there is no query access control, so these are generally unsuitable for storing
 SNI chains.  With LDAP and SQL, you should restrict read access and use TLS to
 protect the sensitive data in transit.  </p>
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@ -20,7 +20,7 @@
  * Patches change both the patchlevel and the release date. Snapshots have no
  * patchlevel; they change the release date only.
  */
-#define MAIL_RELEASE_DATE	"20190914"
+#define MAIL_RELEASE_DATE	"20190922"
 #define MAIL_VERSION_NUMBER	"3.5"

 #ifdef SNAPSHOT
--- a/postfix/src/tlsproxy/tlsproxy.c
+++ b/postfix/src/tlsproxy/tlsproxy.c
@ -919,13 +919,11 @@ static void tlsp_strategy(TLSP_STATE *state)
    if (NBBIO_WRITE_PEND(plaintext_buf) > 0) {
 	if (NBBIO_ACTIVE_FLAGS(plaintext_buf) & NBBIO_FLAG_READ)
 	    nbbio_disable_readwrite(plaintext_buf);
-	if ((NBBIO_ACTIVE_FLAGS(plaintext_buf) & NBBIO_FLAG_WRITE) == 0)
-	    nbbio_enable_write(plaintext_buf, state->timeout);
+	nbbio_enable_write(plaintext_buf, state->timeout);
    } else if (NBBIO_READ_PEND(plaintext_buf) < NBBIO_BUFSIZE(plaintext_buf)) {
 	if (NBBIO_ACTIVE_FLAGS(plaintext_buf) & NBBIO_FLAG_WRITE)
 	    nbbio_disable_readwrite(plaintext_buf);
-	if ((NBBIO_ACTIVE_FLAGS(plaintext_buf) & NBBIO_FLAG_READ) == 0)
-	    nbbio_enable_read(plaintext_buf, state->timeout);
+	nbbio_enable_read(plaintext_buf, state->timeout);
    } else {
 	if (NBBIO_ACTIVE_FLAGS(plaintext_buf))
 	    nbbio_slumber(plaintext_buf, state->timeout);
--- a/postfix/src/util/nbbio.c
+++ b/postfix/src/util/nbbio.c
@ -74,15 +74,17 @@
 /*	the named buffer pair, closes the stream, and destroys the
 /*	buffer pair.
 /*
-/*	nbbio_enable_read() enables a read pseudothread for the
-/*	named buffer pair.  It is an error to enable a read
-/*	pseudothread while the read buffer is full, or while a read
-/*	or write pseudothread is still enabled.
+/*	nbbio_enable_read() enables a read pseudothread (if one
+/*	does not already exist) for the named buffer pair, and
+/*	(re)starts the buffer pair's timer. It is an error to enable
+/*	a read pseudothread while the read buffer is full, or while
+/*	a write pseudothread is still enabled.
 /*
-/*	nbbio_enable_write() enables a write pseudothread for the
-/*	named buffer pair.  It is an error to enable a write
-/*	pseudothread while the write buffer is empty, or while a
-/*	read or write pseudothread is still enabled.
+/*	nbbio_enable_write() enables a write pseudothread (if one
+/*	does not already exist) for the named buffer pair, and
+/*	(re)starts the buffer pair's timer. It is an error to enable
+/*	a write pseudothread while the write buffer is empty, or
+/*	while a read pseudothread is still enabled.
 /*
 /*	nbbio_disable_readwrite() disables any read/write pseudothreads
 /*	for the named buffer pair, including timeouts. To ensure
@ -260,7 +262,7 @@ void    nbbio_enable_read(NBBIO *np, int timeout)
    /*
     * Sanity checks.
     */
-    if (np->flags & NBBIO_MASK_ACTIVE)
+    if (np->flags & (NBBIO_MASK_ACTIVE & ~NBBIO_FLAG_READ))
 	msg_panic("%s: socket fd=%d is enabled for %s",
 		  myname, np->fd, NBBIO_OP_NAME(np));
    if (timeout <= 0)
@ -273,9 +275,11 @@ void    nbbio_enable_read(NBBIO *np, int timeout)
    /*
     * Enable events.
     */
-    event_enable_read(np->fd, nbbio_event, (void *) np);
+    if ((np->flags & NBBIO_FLAG_READ) == 0) {
+	event_enable_read(np->fd, nbbio_event, (void *) np);
+	np->flags |= NBBIO_FLAG_READ;
+    }
    event_request_timer(nbbio_event, (void *) np, timeout);
-    np->flags |= NBBIO_FLAG_READ;
 }

 /* nbbio_enable_write - enable writing from buffer to socket */
@ -287,11 +291,11 @@ void    nbbio_enable_write(NBBIO *np, int timeout)
    /*
     * Sanity checks.
     */
-    if (np->flags & NBBIO_MASK_ACTIVE)
+    if (np->flags & (NBBIO_MASK_ACTIVE & ~NBBIO_FLAG_WRITE))
 	msg_panic("%s: socket fd=%d is enabled for %s",
 		  myname, np->fd, NBBIO_OP_NAME(np));
    if (timeout <= 0)
-	msg_panic("%s: socket fd=%d bad timeout %d",
+	msg_panic("%s: socket fd=%d: bad timeout %d",
 		  myname, np->fd, timeout);
    if (np->write_pend <= 0)
 	msg_panic("%s: socket fd=%d: empty write buffer",
@ -300,9 +304,11 @@ void    nbbio_enable_write(NBBIO *np, int timeout)
    /*
     * Enable events.
     */
-    event_enable_write(np->fd, nbbio_event, (void *) np);
+    if ((np->flags & NBBIO_FLAG_WRITE) == 0) {
+	event_enable_write(np->fd, nbbio_event, (void *) np);
+	np->flags |= NBBIO_FLAG_WRITE;
+    }
    event_request_timer(nbbio_event, (void *) np, timeout);
-    np->flags |= NBBIO_FLAG_WRITE;
 }

 /* nbbio_disable_readwrite - disable read/write/timer events */