diff --git a/postfix/HISTORY b/postfix/HISTORY
index 65d4053e9..22ed7df49 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -24190,12 +24190,12 @@ Apologies for any names omitted.
 TLS library overhaul. By intrigeri. File: tls/tls_dane.c. Bugfix (introduced: Postfix-1.0.1): null pointer read, while
- logging a warning after a corrupted bounce log file. File:
- global/bounce_log.c.
+ logging a warning after reading a corrupted bounce log file.
+ File: global/bounce_log.c.
 Bugfix (introduced: Postfix-2.9.0): null pointer read, while logging a warning after a postscreen_command_filter read
- error. File: postscreen/postscreen_smtpd.c. global/bounce_log.c
+ error. File: postscreen/postscreen_smtpd.c.
 20190312
@@ -24372,9 +24372,9 @@ Apologies for any names omitted.
 hides application performance bugs, and because that still suffers from server-side delayed ACKs. Instead, Postfix avoids sending "small" writes back-to-back, by choosing a
- VSTREAM buffer size that is a multiple of the reported
- MSS. This workaround bumps the multiplier from 2x to 4x.
- File: util/vstream_tweak.c.
+ VSTREAM buffer size that is a multiple of the reported MSS.
+ This workaround bumps the multiplier from 2x to 4x. File:
+ util/vstream_tweak.c.
 20190825
@@ -24382,7 +24382,7 @@ Apologies for any names omitted.
 segfault (null pointer read) or cause an SMTP server assertion to fail when talking to a fake Dovecot server. The client now logs a proper error instead. Problem reported by Tim
- Düsterhus. File: xsasl/xsasl_dovecot_server.c.
+ Düsterhus. File: xsasl/xsasl_dovecot_server.c.
 20190908
@@ -24398,8 +24398,16 @@ Apologies for any names omitted.
 log with error messages (see below for a specific case). Problem reported by Andreas Schulze. File: tlsproxy/tlsproxy.c.
- Bitrot: don't invoke SSL_shutdown() when the SSL engine thinks
- that it is processing a TLS handshake. With the change at
- https://github.com/openssl/openssl/commit/64193c8218540499984cd63cda41f3cd491f3f59,
- the error status was changed, incompatibly, from SSL_ERROR_NONE
+ Bitrot: don't invoke SSL_shutdown() when the SSL engine
+ thinks it is processing a TLS handshake. The commit at
+ https://github.com/openssl/openssl/commit/64193c8218540499984cd63cda41f3cd491f3f59
+ changed the error status, incompatibly, from SSL_ERROR_NONE
 into SSL_ERROR_SSL. File: tlsproxy/tlsproxxy.c.
+
+20190918
+
+ Cleanup: the nbbio(3) library now accepts a sequence of
+ nbbio_enable_read() calls or a sequence of nbbio_enable_write()
+ calls. This allows tlsproxy(8) to reset an I/O timer after
+ each event without having to make an nbbio_disable_readwrite()
+ call. Files: util/nbbio.c, tlsproxy/tlsproxy.c.
diff --git a/postfix/WISHLIST b/postfix/WISHLIST
index 935271d50..254a6a792 100644
--- a/postfix/WISHLIST
+++ b/postfix/WISHLIST
@@ -1,14 +1,6 @@
 Wish list:
- NBBIO timers can go off when a single nbbio_enable_xxx()
- call is followed by a continuous sequence of events. This
- has not been a problem in tlsproxy because the plaintext
- stream moves data faster than the ciphertext stream, so
- that plaintext events will happen in bursts instead of a
- long continuous sequence. Fix: allow calling nbbio_enable_xxx()
- when events of type 'xxx' are already enabled. Then
- nbbio_enable_xxx() can skip the event_enable_xxx() call
- before calling event_request_timer().
+ nbbio: exercise the sanity checks with fake msg(3) functions.
 transport policy protocol (clone of check_policy).
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index 8d3de2c1c..cd76f8105 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -18833,7 +18833,7 @@ is then further encoded to yield a single-line base64 string. Creation of such tables and secure storage (the value includes private key material) are outside the responsibility of Postfix.

-

With "socketmap" and "tcp" the data is be transmitted in the clear, and +

With "socketmap" and "tcp" the data will be transmitted in the clear, and there is no query access control, so these are generally unsuitable for storing SNI chains. With LDAP and SQL, you should restrict read access and use TLS to protect the sensitive data in transit.

diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index f5b1a1e75..cb33ced1b 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -13166,7 +13166,7 @@ is then further encoded to yield a single\-line base64 string. Creation of such tables and secure storage (the value includes private key material) are outside the responsibility of Postfix.
 .PP
-With "socketmap" and "tcp" the data is be transmitted in the clear, and
+With "socketmap" and "tcp" the data will be transmitted in the clear, and
 there is no query access control, so these are generally unsuitable for storing SNI chains. With LDAP and SQL, you should restrict read access and use TLS to protect the sensitive data in transit.
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index fc27af592..dfc4f37f8 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -17535,7 +17535,7 @@ is then further encoded to yield a single-line base64 string. Creation of such tables and secure storage (the value includes private key material) are outside the responsibility of Postfix.

-

With "socketmap" and "tcp" the data is be transmitted in the clear, and +

With "socketmap" and "tcp" the data will be transmitted in the clear, and there is no query access control, so these are generally unsuitable for storing SNI chains. With LDAP and SQL, you should restrict read access and use TLS to protect the sensitive data in transit.

diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index e240638f3..9e07af94a 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
 * Patches change both the patchlevel and the release date. Snapshots have no
 * patchlevel; they change the release date only.
 */
-#define MAIL_RELEASE_DATE "20190914"
+#define MAIL_RELEASE_DATE "20190922"
 #define MAIL_VERSION_NUMBER "3.5"
 #ifdef SNAPSHOT
diff --git a/postfix/src/tlsproxy/tlsproxy.c b/postfix/src/tlsproxy/tlsproxy.c
index 9108126ea..f22a8f6e6 100644
--- a/postfix/src/tlsproxy/tlsproxy.c
+++ b/postfix/src/tlsproxy/tlsproxy.c
@@ -919,13 +919,11 @@ static void tlsp_strategy(TLSP_STATE *state)
 if (NBBIO_WRITE_PEND(plaintext_buf) > 0) {
 if (NBBIO_ACTIVE_FLAGS(plaintext_buf) & NBBIO_FLAG_READ)
 nbbio_disable_readwrite(plaintext_buf);
- if ((NBBIO_ACTIVE_FLAGS(plaintext_buf) & NBBIO_FLAG_WRITE) == 0)
- nbbio_enable_write(plaintext_buf, state->timeout);
+ nbbio_enable_write(plaintext_buf, state->timeout);
 } else if (NBBIO_READ_PEND(plaintext_buf) < NBBIO_BUFSIZE(plaintext_buf)) {
 if (NBBIO_ACTIVE_FLAGS(plaintext_buf) & NBBIO_FLAG_WRITE)
 nbbio_disable_readwrite(plaintext_buf);
- if ((NBBIO_ACTIVE_FLAGS(plaintext_buf) & NBBIO_FLAG_READ) == 0)
- nbbio_enable_read(plaintext_buf, state->timeout);
+ nbbio_enable_read(plaintext_buf, state->timeout);
 } else {
 if (NBBIO_ACTIVE_FLAGS(plaintext_buf))
 nbbio_slumber(plaintext_buf, state->timeout);
diff --git a/postfix/src/util/nbbio.c b/postfix/src/util/nbbio.c
index 0f345ed6b..d8ddfc6f2 100644
--- a/postfix/src/util/nbbio.c
+++ b/postfix/src/util/nbbio.c
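Review bot: The two now-unconditional calls in tlsp_strategy(), `nbbio_enable_write(plaintext_buf, state->timeout);` and `nbbio_enable_read(plaintext_buf, state->timeout);`, have no comment saying that re-enabling an already active pseudothread is deliberate, so the removed `NBBIO_ACTIVE_FLAGS(...) == 0` guards could be put back by a later cleanup. A line above each call such as `/* Always (re)enable: this restarts the I/O timer after each event. */` would record the intent. With this change `state->timeout` appears to act as an inactivity timeout on the plaintext stream rather than a limit counted from the first enable; if a bound on total session time is wanted it has to come from elsewhere, which this hunk does not show. tlsp_strategy() begins and ends outside the hunk.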
@@ -74,15 +74,17 @@
 /* the named buffer pair, closes the stream, and destroys the
 /* buffer pair.
 /*
-/* nbbio_enable_read() enables a read pseudothread for the
-/* named buffer pair. It is an error to enable a read
-/* pseudothread while the read buffer is full, or while a read
-/* or write pseudothread is still enabled.
+/* nbbio_enable_read() enables a read pseudothread (if one
+/* does not already exist) for the named buffer pair, and
+/* (re)starts the buffer pair's timer. It is an error to enable
+/* a read pseudothread while the read buffer is full, or while
+/* a write pseudothread is still enabled.
 /*
-/* nbbio_enable_write() enables a write pseudothread for the
-/* named buffer pair. It is an error to enable a write
-/* pseudothread while the write buffer is empty, or while a
-/* read or write pseudothread is still enabled.
+/* nbbio_enable_write() enables a write pseudothread (if one
+/* does not already exist) for the named buffer pair, and
+/* (re)starts the buffer pair's timer. It is an error to enable
+/* a write pseudothread while the write buffer is empty, or
+/* while a read pseudothread is still enabled.
 /*
 /* nbbio_disable_readwrite() disables any read/write pseudothreads
 /* for the named buffer pair, including timeouts. To ensure
@@ -260,7 +262,7 @@ void nbbio_enable_read(NBBIO *np, int timeout)
 /*
 * Sanity checks.
 */
- if (np->flags & NBBIO_MASK_ACTIVE)
+ if (np->flags & (NBBIO_MASK_ACTIVE & ~NBBIO_FLAG_READ))
 msg_panic("%s: socket fd=%d is enabled for %s",
 myname, np->fd, NBBIO_OP_NAME(np));
 if (timeout <= 0)
@@ -273,9 +275,11 @@ void nbbio_enable_read(NBBIO *np, int timeout)
 /*
 * Enable events.
 */
- event_enable_read(np->fd, nbbio_event, (void *) np);
+ if ((np->flags & NBBIO_FLAG_READ) == 0) {
+ event_enable_read(np->fd, nbbio_event, (void *) np);
+ np->flags |= NBBIO_FLAG_READ;
+ }
 event_request_timer(nbbio_event, (void *) np, timeout);
- np->flags |= NBBIO_FLAG_READ;
 }
 /* nbbio_enable_write - enable writing from buffer to socket */
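Review bot: The relaxed test `if (np->flags & (NBBIO_MASK_ACTIVE & ~NBBIO_FLAG_READ))` in nbbio_enable_read() (and its `~NBBIO_FLAG_WRITE` twin in the @@ -287 hunk of nbbio_enable_write()) is not explained where it is used, and the `Sanity checks.` comment above it is unchanged. Since a failed check ends in msg_panic(), the exact condition is a contract for every caller; a comment like `/* Re-enabling an active read is allowed; any other active operation is a caller error. */` would state it. The definition of NBBIO_MASK_ACTIVE is outside the diff, so which other bits remain in the mask should be confirmed against the header. Both functions continue outside their hunks.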
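Review bot: The comment `Enable events.` above the new `if ((np->flags & NBBIO_FLAG_READ) == 0) {` block in nbbio_enable_read() no longer matches the code, because the event is registered only when the flag is clear while `event_request_timer()` runs on every call. Rewording it to `Enable events (first call only) and (re)start the timer (every call).` would agree with the updated header text. The same applies to the @@ -300 hunk in nbbio_enable_write().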
@@ -287,11 +291,11 @@ void nbbio_enable_write(NBBIO *np, int timeout)
 /*
 * Sanity checks.
 */
- if (np->flags & NBBIO_MASK_ACTIVE)
+ if (np->flags & (NBBIO_MASK_ACTIVE & ~NBBIO_FLAG_WRITE))
 msg_panic("%s: socket fd=%d is enabled for %s",
 myname, np->fd, NBBIO_OP_NAME(np));
 if (timeout <= 0)
- msg_panic("%s: socket fd=%d bad timeout %d",
+ msg_panic("%s: socket fd=%d: bad timeout %d",
 myname, np->fd, timeout);
 if (np->write_pend <= 0)
 msg_panic("%s: socket fd=%d: empty write buffer",
@@ -300,9 +304,11 @@ void nbbio_enable_write(NBBIO *np, int timeout)
 /*
 * Enable events.
 */
- event_enable_write(np->fd, nbbio_event, (void *) np);
+ if ((np->flags & NBBIO_FLAG_WRITE) == 0) {
+ event_enable_write(np->fd, nbbio_event, (void *) np);
+ np->flags |= NBBIO_FLAG_WRITE;
+ }
 event_request_timer(nbbio_event, (void *) np, timeout);
- np->flags |= NBBIO_FLAG_WRITE;
 }
 /* nbbio_disable_readwrite - disable read/write/timer events */