mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-28 12:48:01 +00:00
Code Issues Releases Wiki Activity

postfix-3.6-20200515

Browse Source
This commit is contained in:
Wietse Venema 2020-05-15 00:00:00 -05:00 committed by Viktor Dukhovni
parent 8dec727b26
commit 1b8b9b91f3
6 changed files with 38 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
postfix/HISTORY
View File

@ -24760,3 +24760,25 @@ Apologies for any names omitted.
Bitrot: avoid U_FILE_ACCESS_ERROR after chroot(), by Bitrot: avoid U_FILE_ACCESS_ERROR after chroot(), by
initializing the ICU library before making the chroot() initializing the ICU library before making the chroot()
call. Files: util/midna_domain.[hc], global/mail_params.c. call. Files: util/midna_domain.[hc], global/mail_params.c.
20200511
Noise suppression: spurious "SSL_Shutdown:shutdown while
in init" warnings. File: tls/tls_session.c.
Debugging: with a single -v, the cleanup server now also
logs output envelope records, so that one -v option shows
the input and output. File: cleanup_out.c.
20200515
Bugfix (introduced: Postfix 2.2): TLS error status info
from a PostgreSQL client caused a false 'lost connection'
error for an SMTP-over-TLS session in the same Postfix
process. Reported by Alexander Vasarab, diagnosed by Viktor
Dukhovni. File: tls/tls_bio_ops.c.
Bugfix (introduced: Postfix 2.8): TLS error status info
from one TLS session may cause a false 'lost connection'
error for concurrent TLS sessions in the same tlsproxy
process. File: tlsproxy/tlsproxy.c.

3
postfix/src/cleanup/cleanup_out.c
View File

@ -118,6 +118,9 @@ void cleanup_out(CLEANUP_STATE *state, int type, const char *string, ssize_t
#define TEXT_RECORD(t) ((t) == REC_TYPE_NORM || (t) == REC_TYPE_CONT) #define TEXT_RECORD(t) ((t) == REC_TYPE_NORM || (t) == REC_TYPE_CONT)
if (msg_verbose && !TEXT_RECORD(type))
msg_info("cleanup_out: %c %.*s", type, (int) len, string);
if (var_line_limit <= 0) if (var_line_limit <= 0)
msg_panic("cleanup_out: bad line length limit: %d", var_line_limit); msg_panic("cleanup_out: bad line length limit: %d", var_line_limit);
do { do {

2
postfix/src/global/mail_version.h
View File

@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no * Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only. * patchlevel; they change the release date only.
*/ */
#define MAIL_RELEASE_DATE "20200511" #define MAIL_RELEASE_DATE "20200515"
#define MAIL_VERSION_NUMBER "3.6" #define MAIL_VERSION_NUMBER "3.6"
#ifdef SNAPSHOT #ifdef SNAPSHOT

7
postfix/src/tls/tls_bio_ops.c
View File

@ -194,6 +194,13 @@ int tls_bio(int fd, int timeout, TLS_SESS_STATE *TLScontext,
* handling any pending network I/O. * handling any pending network I/O.
*/ */
for (;;) { for (;;) {
/*
* Flush the per-thread SSL error queue. Otherwise, errors from other
* code that also uses TLS may confuse SSL_get_error(3).
*/
ERR_clear_error();
if (hsfunc) if (hsfunc)
status = hsfunc(TLScontext->con); status = hsfunc(TLScontext->con);
else if (rfunc) else if (rfunc)

2
postfix/src/tls/tls_session.c
View File

@ -118,7 +118,7 @@ void tls_session_stop(TLS_APPL_STATE *unused_ctx, VSTREAM *stream, int timeou
* so we will not perform SSL_shutdown() and the session will be removed * so we will not perform SSL_shutdown() and the session will be removed
* as being bad. * as being bad.
*/ */
if (!failure) { if (!failure && !SSL_in_init(TLScontext->con)) {
retval = tls_bio_shutdown(vstream_fileno(stream), timeout, TLScontext); retval = tls_bio_shutdown(vstream_fileno(stream), timeout, TLScontext);
if (!var_tls_fast_shutdown && retval == 0) if (!var_tls_fast_shutdown && retval == 0)
tls_bio_shutdown(vstream_fileno(stream), timeout, TLScontext); tls_bio_shutdown(vstream_fileno(stream), timeout, TLScontext);

4
postfix/src/tlsproxy/tlsproxy.c
View File

@ -781,6 +781,7 @@ static void tlsp_strategy(TLSP_STATE *state)
*/ */
if (state->flags & TLSP_FLAG_DO_HANDSHAKE) { if (state->flags & TLSP_FLAG_DO_HANDSHAKE) {
state->timeout = state->handshake_timeout; state->timeout = state->handshake_timeout;
ERR_clear_error();
if (state->is_server_role) if (state->is_server_role)
ssl_stat = SSL_accept(tls_context->con); ssl_stat = SSL_accept(tls_context->con);
else else
@ -809,6 +810,7 @@ static void tlsp_strategy(TLSP_STATE *state)
if (NBBIO_ERROR_FLAGS(plaintext_buf)) { if (NBBIO_ERROR_FLAGS(plaintext_buf)) {
if (NBBIO_ACTIVE_FLAGS(plaintext_buf)) if (NBBIO_ACTIVE_FLAGS(plaintext_buf))
nbbio_disable_readwrite(state->plaintext_buf); nbbio_disable_readwrite(state->plaintext_buf);
ERR_clear_error();
if (!SSL_in_init(tls_context->con) if (!SSL_in_init(tls_context->con)
&& (ssl_stat = SSL_shutdown(tls_context->con)) < 0) { && (ssl_stat = SSL_shutdown(tls_context->con)) < 0) {
handshake_err = SSL_get_error(tls_context->con, ssl_stat); handshake_err = SSL_get_error(tls_context->con, ssl_stat);
@ -838,6 +840,7 @@ static void tlsp_strategy(TLSP_STATE *state)
*/ */
ssl_write_err = SSL_ERROR_NONE; ssl_write_err = SSL_ERROR_NONE;
while (NBBIO_READ_PEND(plaintext_buf) > 0) { while (NBBIO_READ_PEND(plaintext_buf) > 0) {
ERR_clear_error();
ssl_stat = SSL_write(tls_context->con, NBBIO_READ_BUF(plaintext_buf), ssl_stat = SSL_write(tls_context->con, NBBIO_READ_BUF(plaintext_buf),
NBBIO_READ_PEND(plaintext_buf)); NBBIO_READ_PEND(plaintext_buf));
ssl_write_err = SSL_get_error(tls_context->con, ssl_stat); ssl_write_err = SSL_get_error(tls_context->con, ssl_stat);
@ -870,6 +873,7 @@ static void tlsp_strategy(TLSP_STATE *state)
*/ */
ssl_read_err = SSL_ERROR_NONE; ssl_read_err = SSL_ERROR_NONE;
while (NBBIO_WRITE_PEND(state->plaintext_buf) < NBBIO_BUFSIZE(plaintext_buf)) { while (NBBIO_WRITE_PEND(state->plaintext_buf) < NBBIO_BUFSIZE(plaintext_buf)) {
ERR_clear_error();
ssl_stat = SSL_read(tls_context->con, ssl_stat = SSL_read(tls_context->con,
NBBIO_WRITE_BUF(plaintext_buf) NBBIO_WRITE_BUF(plaintext_buf)
+ NBBIO_WRITE_PEND(state->plaintext_buf), + NBBIO_WRITE_PEND(state->plaintext_buf),