From 1c16cbb9ebeedda517d3bf7c907a66e06a0c78e3 Mon Sep 17 00:00:00 2001 From: Wietse Z Venema Date: Sun, 16 Feb 2025 00:00:00 -0500 Subject: [PATCH] postfix-3.7.13 --- postfix/HISTORY | 74 +++++++++++++++++++++ postfix/html/lmtp.8.html | 2 +- postfix/html/postconf.5.html | 67 +++++++++++++++++-- postfix/html/smtp.8.html | 2 +- postfix/man/man5/postconf.5 | 86 +++++++++++++++++++++++-- postfix/man/man8/smtp.8 | 10 ++- postfix/proto/postconf.proto | 67 +++++++++++++++++-- postfix/src/bounce/bounce_notify_util.c | 3 +- postfix/src/cleanup/cleanup_message.c | 2 +- postfix/src/global/dict_mysql.c | 3 + postfix/src/global/dict_pgsql.c | 3 + postfix/src/global/mail_params.h | 2 +- postfix/src/global/mail_version.h | 4 +- postfix/src/global/smtputf8.h | 5 ++ postfix/src/oqmgr/Makefile.in | 1 + postfix/src/oqmgr/qmgr_message.c | 3 + postfix/src/qmgr/Makefile.in | 1 + postfix/src/qmgr/qmgr_message.c | 3 + postfix/src/smtp/smtp.c | 10 ++- postfix/src/tls/tls_misc.c | 74 ++++++++++++++------- postfix/src/util/peekfd.c | 3 + 21 files changed, 361 insertions(+), 64 deletions(-) diff --git a/postfix/HISTORY b/postfix/HISTORY index c8fecb672..2cda6d489 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -26804,3 +26804,77 @@ Apologies for any names omitted. by Postfix (for example, a From: header with UTF8 full name information from the password file). Reported by Michael Tokarev. File: src/cleanup/cleanup_message.c. + +20241205 + + Portability: include for a SUNOS5 workaround. + Gary R. Schmidt. File: util/peekfd.c. + +20241230 + + Bugfix (defect introduced: Postfix 3.3, date 20180107) small + memory leak in the cleanup daemon when generating a "From: + full-name " message header. The impact is limited + because the number of requests is bounded by the "max_use" + configuration parameter. Found during code maintenance. + File: cleanup/cleanup_message.c. + +20250111 + + Forward compatibility: ignore new queue file flag bits that may + be used with Postfix 3.10 and later. This is a safety in case + a Postfix 3.10 upgrade needs to be rolled back, after the new + TLS-Required feature has been used. Files: global/smtputf8.h, + *qmgr/qmgr_message.c. + +20250115 + + Bugfix (defect introduced: Postfix 3.0): the bounce daemon + mangled a non-ASCII address localpart in the "X-Postfix-Sender:" + field of a delivery status notification. It backslash-escaped + each byte in a multi-byte character. This behavior was + implemented in Postfix 2.1 (no support for UTF8 local-parts), + but it became incorrect after SMTPUTF8 support was implemented + in Postfix 3.0. File: bounce/bounce_notify_util.c. + +20250207 + + Performance: when a mysql: or pgsql: configuration specifies + a single host, assume that it is a load balancer and reconnect + immediately after a single failure, instead of failing all + requests for 60s. Files: global/dict_pgsql.c, global/dict_mysql.c. + +20250210 + + Bugfix (defect introduced: Postfix 3.6): Reverted the default + smtp_tls_dane_insecure_mx_policy setting to "dane" as of Postfix + 3.6.17, 3.7.13, 3.8.8, 3.9.2, and 3.10.0. By mistake the default + was dependent on the smtp_tls_security_level setting. Files: + global/mail_params.h, proto/postconf.proto, smtp/smtp.c. + +20250212 + + Support for OpenSSL 3.5 post-quantum cryptography. To manage + algorithm selection, OpenSSL introduces new TLS group syntax + that Postfix will not attempt to imitate. Instead, Postfix + now allows the tls_eecdh_auto_curves and tls_ffdhe_auto_groups + parameter values to have an empty value. When both are set + empty, the algorithm selection can be managed through OpenSSL + configuration. Viktor Dukhovni. File: tls/tls_misc.c. + + Bugfix (defect introduced: Postfix 3.4, date 20181113): a + server with multiple TLS certificates could report, for a + resumed TLS session, the wrong server-signature and + server-digest names in logging and Received: message headers. + Viktor Dukhovni. File: tls/tls_misc.c. + +20250213 + + Documentation: updated postconf(5) that the parameters + smtpd_tls_eecdh_grade, tls_eecdh_strong_curve, + tls_eecdh_ultra_curve, and tlsproxy_tls_eecdh_grade, are + not used since Postfix 3.6; updated the tls_eecdh_auto_curves + and tls_ffdhe_auto_groups description with post-quantum + configuration; added a post-quantum example to the + tls_config_file description. File: proto/postconf.proto. + The unused parameters will be deleted in Postfix 3.11. diff --git a/postfix/html/lmtp.8.html b/postfix/html/lmtp.8.html index 8593cdebf..b20be0d10 100644 --- a/postfix/html/lmtp.8.html +++ b/postfix/html/lmtp.8.html @@ -662,7 +662,7 @@ SMTP(8) SMTP(8) Available in Postfix version 3.1 and later: - smtp_tls_dane_insecure_mx_policy (see 'postconf -d' output) + smtp_tls_dane_insecure_mx_policy (dane) The TLS policy for MX hosts with "secure" TLSA records when the nexthop destination security level is dane, but the MX record was found via an "insecure" MX lookup. diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 49a1bcb22..7faea14fc 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -12871,7 +12871,7 @@ TLS connection reuse" for background details.

smtp_tls_dane_insecure_mx_policy -(default: see "postconf -d" output)
+(default: dane)

The TLS policy for MX hosts with "secure" TLSA records when the nexthop destination security level is dane, but the MX @@ -12895,10 +12895,9 @@ authentication succeeds, it will be logged only as "Trusted", not "Verified", because the MX host name could have been forged.

-

The default setting for Postfix ≥ 3.6 is "dane" with -"smtp_tls_security_level = dane", otherwise "may". This behavior -was backported to Postfix versions 3.5.9, 3.4.19, 3.3.16. 3.2.21. -With earlier Postfix versions the default setting was always "dane". +

The default setting is "dane" as of Postfix versions 3.6.17, +3.7.13, 3.8.8, 3.9.2, and 3.10.0. With earlier versions the default +was mistakenly dependent on the smtp_tls_security_level setting.

Though with "insecure" MX records an active attacker can @@ -18219,6 +18218,8 @@ this parameter is always ignored, and Postfix behaves as though the auto value (described below) was chosen.

+

This feature is not used as of Postfix 3.6. Do not specify.

+

The available choices are:

@@ -19360,6 +19361,45 @@ MinProtocol = TLSv1 +

Example: Custom OpenSSL group settings.

+ +
+main.cf:
+    tls_config_file = ${config_directory}/openssl.cnf
+    tls_config_name = postfix
+
+ +
+openssl.cnf:
+    postfix = postfix_settings
+
+ +
+    [postfix_settings]
+    ssl_conf = postfix_ssl_settings
+
+ +
+    [postfix_ssl_settings]
+    system_default = baseline_postfix_settings
+
+ +
+    [baseline_postfix_settings]
+    # New OpenSSL 3.5 syntax, for older releases consider
+    # the Postfix default:
+    #
+    # Groups = X25519:X448:prime256v1:secp384r1:secp521r1:ffdhe2048:ffdhe3072
+    #
+    Groups = *X25519MLKEM768 / *X25519:X448 / P-256:P-384
+
+ +

Caution: It is typically best to just use the default OpenSSL +group settings, by setting "tls_config_file = none". Overly strict +system-wide TLS settings will conflict with Postfix's opportunistic +TLS, where being less restrictive is better than downgrading to +cleartext SMTP.

+

This feature is available in Postfix ≥ 3.9, 3.8.1, 3.7.6, 3.6.10, and 3.5.20.

@@ -19552,8 +19592,7 @@ be using 0.9.6! (default: see "postconf -d" output)

The prioritized list of elliptic curves supported by the Postfix -SMTP client and server. These curves are used by the Postfix SMTP -server when "smtpd_tls_eecdh_grade = auto". The selected curves +SMTP client and server. The selected curves must be implemented by OpenSSL and be standardized for use in TLS (RFC 8422). It is unwise to list only "bleeding-edge" curves supported by a small subset of clients. The @@ -19568,6 +19607,14 @@ support for either or both may be missing. These curves may appear in the default value of this parameter, even though they'll only be usable with later versions of OpenSSL.

+

Post-quantum cryptography support: OpenSSL 3.5 introduces new +configuration syntax that Postfix will not attempt to imitate. +Instead, with Postfix 3.6.17, 3.7.13, 3.8.8, 3.9.2, and later, set +both tls_eecdh_auto_curves and if available tls_ffdhe_auto_groups +to the empty value, to enable algorithm selection through OpenSSL +configuration. See tls_config_file for a configuration example. +

+

This feature is available in Postfix 3.2 and later, when it is compiled and linked with OpenSSL 1.0.2 or later on platforms where EC algorithms have not been disabled by the vendor.

@@ -19591,6 +19638,8 @@ must support this curve for EECDH key exchange to take place. It is unwise to choose only "bleeding-edge" curves supported by only a small subset of clients.

+

This feature is not used as of Postfix 3.6. Do not specify.

+

The default "strong" curve is rated in NSA Suite B for information classified up to SECRET.

@@ -19635,6 +19684,8 @@ client implementations must support this curve for EECDH key exchange to take place. It is unwise to choose only "bleeding-edge" curves supported by only a small subset of clients.

+

This feature is not used as of Postfix 3.6. Do not specify.

+

This default "ultra" curve is rated in NSA Suite B for information classified up to TOP SECRET.

@@ -20594,6 +20645,8 @@ the "tlsproxy_tls_chain_files elliptic-curve Diffie-Hellman (EECDH) key exchange. See smtpd_tls_eecdh_grade for further details.

+

This feature is not used as of Postfix 3.6. Do not specify.

+

This feature is available in Postfix 2.8 and later.

diff --git a/postfix/html/smtp.8.html b/postfix/html/smtp.8.html index 8593cdebf..b20be0d10 100644 --- a/postfix/html/smtp.8.html +++ b/postfix/html/smtp.8.html @@ -662,7 +662,7 @@ SMTP(8) SMTP(8) Available in Postfix version 3.1 and later: - smtp_tls_dane_insecure_mx_policy (see 'postconf -d' output) + smtp_tls_dane_insecure_mx_policy (dane) The TLS policy for MX hosts with "secure" TLSA records when the nexthop destination security level is dane, but the MX record was found via an "insecure" MX lookup. diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index ae694bbb3..75be7be46 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -8383,7 +8383,7 @@ See "Client\-side TLS connection reuse" for background details. .PP This feature is available in Postfix 3.4 and later. -.SH smtp_tls_dane_insecure_mx_policy (default: see "postconf \-d" output) +.SH smtp_tls_dane_insecure_mx_policy (default: dane) The TLS policy for MX hosts with "secure" TLSA records when the nexthop destination security level is \fBdane\fR, but the MX record was found via an "insecure" MX lookup. The choices are: @@ -8404,10 +8404,9 @@ authentication succeeds, it will be logged only as "Trusted", not "Verified", because the MX host name could have been forged. .br .br -The default setting for Postfix >= 3.6 is "dane" with -"smtp_tls_security_level = dane", otherwise "may". This behavior -was backported to Postfix versions 3.5.9, 3.4.19, 3.3.16. 3.2.21. -With earlier Postfix versions the default setting was always "dane". +The default setting is "dane" as of Postfix versions 3.6.17, +3.7.13, 3.8.8, 3.9.2, and 3.10.0. With earlier versions the default +was mistakenly dependent on the smtp_tls_security_level setting. .PP Though with "insecure" MX records an active attacker can compromise SMTP transport security by returning forged MX records, @@ -12829,6 +12828,8 @@ Diffie\-Hellman (EECDH) key exchange. As of Postfix 3.6, the value of this parameter is always ignored, and Postfix behaves as though the \fBauto\fR value (described below) was chosen. .PP +This feature is not used as of Postfix 3.6. Do not specify. +.PP The available choices are: .IP "\fBauto\fR" Use the most preferred curve that is @@ -13768,6 +13769,65 @@ MinProtocol = TLSv1 .ft R .in -4 .PP +Example: Custom OpenSSL group settings. +.PP +.nf +.na +.ft C +main.cf: + tls_config_file = ${config_directory}/openssl.cnf + tls_config_name = postfix +.fi +.ad +.ft R +.PP +.nf +.na +.ft C +openssl.cnf: + postfix = postfix_settings +.fi +.ad +.ft R +.PP +.nf +.na +.ft C + [postfix_settings] + ssl_conf = postfix_ssl_settings +.fi +.ad +.ft R +.PP +.nf +.na +.ft C + [postfix_ssl_settings] + system_default = baseline_postfix_settings +.fi +.ad +.ft R +.PP +.nf +.na +.ft C + [baseline_postfix_settings] + # New OpenSSL 3.5 syntax, for older releases consider + # the Postfix default: + # + # Groups = X25519:X448:prime256v1:secp384r1:secp521r1:ffdhe2048:ffdhe3072 + # + Groups = *X25519MLKEM768 / *X25519:X448 / P\-256:P\-384 +.fi +.ad +.ft R +.PP +Caution: It is typically best to just use the default OpenSSL +group settings, by setting "tls_config_file = none". Overly strict +system\-wide TLS settings will conflict with Postfix's opportunistic +TLS, where being less restrictive is better than downgrading to +cleartext SMTP. +.PP This feature is available in Postfix >= 3.9, 3.8.1, 3.7.6, 3.6.10, and 3.5.20. .SH tls_config_name (default: empty) @@ -13929,8 +13989,7 @@ Postfix >= 3.4. See \fBSSL_CTX_set_options\fR(3). This feature is available in Postfix 2.8 and later. .SH tls_eecdh_auto_curves (default: see "postconf \-d" output) The prioritized list of elliptic curves supported by the Postfix -SMTP client and server. These curves are used by the Postfix SMTP -server when "smtpd_tls_eecdh_grade = auto". The selected curves +SMTP client and server. The selected curves must be implemented by OpenSSL and be standardized for use in TLS (RFC 8422). It is unwise to list only "bleeding\-edge" curves supported by a small subset of clients. The @@ -13945,6 +14004,13 @@ support for either or both may be missing. These curves may appear in the default value of this parameter, even though they'll only be usable with later versions of OpenSSL. .PP +Post\-quantum cryptography support: OpenSSL 3.5 introduces new +configuration syntax that Postfix will not attempt to imitate. +Instead, with Postfix 3.6.17, 3.7.13, 3.8.8, 3.9.2, and later, set +both tls_eecdh_auto_curves and if available tls_ffdhe_auto_groups +to the empty value, to enable algorithm selection through OpenSSL +configuration. See tls_config_file for a configuration example. +.PP This feature is available in Postfix 3.2 and later, when it is compiled and linked with OpenSSL 1.0.2 or later on platforms where EC algorithms have not been disabled by the vendor. @@ -13962,6 +14028,8 @@ must support this curve for EECDH key exchange to take place. It is unwise to choose only "bleeding\-edge" curves supported by only a small subset of clients. .PP +This feature is not used as of Postfix 3.6. Do not specify. +.PP The default "strong" curve is rated in NSA Suite B for information classified up to SECRET. .PP @@ -13997,6 +14065,8 @@ client implementations must support this curve for EECDH key exchange to take place. It is unwise to choose only "bleeding\-edge" curves supported by only a small subset of clients. .PP +This feature is not used as of Postfix 3.6. Do not specify. +.PP This default "ultra" curve is rated in NSA Suite B for information classified up to TOP SECRET. .PP @@ -14636,6 +14706,8 @@ The Postfix \fBtlsproxy\fR(8) server security grade for ephemeral elliptic\-curve Diffie\-Hellman (EECDH) key exchange. See smtpd_tls_eecdh_grade for further details. .PP +This feature is not used as of Postfix 3.6. Do not specify. +.PP This feature is available in Postfix 2.8 and later. .SH tlsproxy_tls_exclude_ciphers (default: $smtpd_tls_exclude_ciphers) List of ciphers or cipher types to exclude from the \fBtlsproxy\fR(8) diff --git a/postfix/man/man8/smtp.8 b/postfix/man/man8/smtp.8 index 543ef7811..43f7760a1 100644 --- a/postfix/man/man8/smtp.8 +++ b/postfix/man/man8/smtp.8 @@ -460,9 +460,7 @@ FROM command in SASL\-authenticated SMTP sessions. Detailed information about STARTTLS configuration may be found in the TLS_README document. .IP "\fBsmtp_tls_security_level (empty)\fR" -The default SMTP TLS security level for the Postfix SMTP client; -when a non\-empty value is specified, this overrides the obsolete -parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername. +The default SMTP TLS security level for the Postfix SMTP client. .IP "\fBsmtp_sasl_tls_security_options ($smtp_sasl_security_options)\fR" The SASL authentication security options that the Postfix SMTP client uses for TLS encrypted SMTP sessions. @@ -595,10 +593,10 @@ The name of the \fBtlsmgr\fR(8) service entry in master.cf. Available in Postfix version 3.0 and later: .IP "\fBsmtp_tls_wrappermode (no)\fR" Request that the Postfix SMTP client connects using the -legacy SMTPS protocol instead of using the STARTTLS command. +SUBMISSIONS/SMTPS protocol instead of using the STARTTLS command. .PP Available in Postfix version 3.1 and later: -.IP "\fBsmtp_tls_dane_insecure_mx_policy (see 'postconf -d' output)\fR" +.IP "\fBsmtp_tls_dane_insecure_mx_policy (dane)\fR" The TLS policy for MX hosts with "secure" TLSA records when the nexthop destination security level is \fBdane\fR, but the MX record was found via an "insecure" MX lookup. @@ -767,7 +765,7 @@ transport. Preliminary SMTPUTF8 support is introduced with Postfix 3.0. .IP "\fBsmtputf8_enable (yes)\fR" Enable preliminary SMTPUTF8 support for the protocols described -in RFC 6531..6533. +in RFC 6531, RFC 6532, and RFC 6533. .IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR" Detect that a message requires SMTPUTF8 support for the specified mail origin classes. diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 10b47cf08..cb78f0baf 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -13088,8 +13088,7 @@ parameter. See there for details.

%PARAM tls_eecdh_auto_curves see "postconf -d" output

The prioritized list of elliptic curves supported by the Postfix -SMTP client and server. These curves are used by the Postfix SMTP -server when "smtpd_tls_eecdh_grade = auto". The selected curves +SMTP client and server. The selected curves must be implemented by OpenSSL and be standardized for use in TLS (RFC 8422). It is unwise to list only "bleeding-edge" curves supported by a small subset of clients. The @@ -13104,6 +13103,14 @@ support for either or both may be missing. These curves may appear in the default value of this parameter, even though they'll only be usable with later versions of OpenSSL.

+

Post-quantum cryptography support: OpenSSL 3.5 introduces new +configuration syntax that Postfix will not attempt to imitate. +Instead, with Postfix 3.6.17, 3.7.13, 3.8.8, 3.9.2, and later, set +both tls_eecdh_auto_curves and if available tls_ffdhe_auto_groups +to the empty value, to enable algorithm selection through OpenSSL +configuration. See tls_config_file for a configuration example. +

+

This feature is available in Postfix 3.2 and later, when it is compiled and linked with OpenSSL 1.0.2 or later on platforms where EC algorithms have not been disabled by the vendor.

@@ -13123,6 +13130,8 @@ must support this curve for EECDH key exchange to take place. It is unwise to choose only "bleeding-edge" curves supported by only a small subset of clients.

+

This feature is not used as of Postfix 3.6. Do not specify.

+

The default "strong" curve is rated in NSA Suite B for information classified up to SECRET.

@@ -13163,6 +13172,8 @@ client implementations must support this curve for EECDH key exchange to take place. It is unwise to choose only "bleeding-edge" curves supported by only a small subset of clients.

+

This feature is not used as of Postfix 3.6. Do not specify.

+

This default "ultra" curve is rated in NSA Suite B for information classified up to TOP SECRET.

@@ -13189,6 +13200,8 @@ this parameter is always ignored, and Postfix behaves as though the auto value (described below) was chosen.

+

This feature is not used as of Postfix 3.6. Do not specify.

+

The available choices are:

@@ -15611,6 +15624,8 @@ the "tlsproxy_tls_chain_files" parameter.

elliptic-curve Diffie-Hellman (EECDH) key exchange. See smtpd_tls_eecdh_grade for further details.

+

This feature is not used as of Postfix 3.6. Do not specify.

+

This feature is available in Postfix 2.8 and later.

%PARAM tlsproxy_tls_exclude_ciphers $smtpd_tls_exclude_ciphers @@ -17215,7 +17230,7 @@ clients).

This feature is available in Postfix 3.1 and later.

-%PARAM smtp_tls_dane_insecure_mx_policy see "postconf -d" output +%PARAM smtp_tls_dane_insecure_mx_policy dane

The TLS policy for MX hosts with "secure" TLSA records when the nexthop destination security level is dane, but the MX @@ -17239,10 +17254,9 @@ authentication succeeds, it will be logged only as "Trusted", not "Verified", because the MX host name could have been forged.

-

The default setting for Postfix ≥ 3.6 is "dane" with -"smtp_tls_security_level = dane", otherwise "may". This behavior -was backported to Postfix versions 3.5.9, 3.4.19, 3.3.16. 3.2.21. -With earlier Postfix versions the default setting was always "dane". +

The default setting is "dane" as of Postfix versions 3.6.17, +3.7.13, 3.8.8, 3.9.2, and 3.10.0. With earlier versions the default +was mistakenly dependent on the smtp_tls_security_level setting.

Though with "insecure" MX records an active attacker can @@ -18534,6 +18548,45 @@ MinProtocol = TLSv1 +

Example: Custom OpenSSL group settings.

+ +
+main.cf:
+    tls_config_file = ${config_directory}/openssl.cnf
+    tls_config_name = postfix
+
+ +
+openssl.cnf:
+    postfix = postfix_settings
+
+ +
+    [postfix_settings]
+    ssl_conf = postfix_ssl_settings
+
+ +
+    [postfix_ssl_settings]
+    system_default = baseline_postfix_settings
+
+ +
+    [baseline_postfix_settings]
+    # New OpenSSL 3.5 syntax, for older releases consider
+    # the Postfix default:
+    #
+    # Groups = X25519:X448:prime256v1:secp384r1:secp521r1:ffdhe2048:ffdhe3072
+    #
+    Groups = *X25519MLKEM768 / *X25519:X448 / P-256:P-384
+
+ +

Caution: It is typically best to just use the default OpenSSL +group settings, by setting "tls_config_file = none". Overly strict +system-wide TLS settings will conflict with Postfix's opportunistic +TLS, where being less restrictive is better than downgrading to +cleartext SMTP.

+

This feature is available in Postfix ≥ 3.9, 3.8.1, 3.7.6, 3.6.10, and 3.5.20.

diff --git a/postfix/src/bounce/bounce_notify_util.c b/postfix/src/bounce/bounce_notify_util.c index 781a5257f..6661f8f7c 100644 --- a/postfix/src/bounce/bounce_notify_util.c +++ b/postfix/src/bounce/bounce_notify_util.c @@ -356,7 +356,8 @@ static BOUNCE_INFO *bounce_mail_alloc(const char *service, quote_822_local_flags(bounce_info->sender, VSTRING_LEN(bounce_info->buf) ? STR(bounce_info->buf) : - mail_addr_mail_daemon(), 0); + mail_addr_mail_daemon(), + QUOTE_FLAG_8BITCLEAN); } /* diff --git a/postfix/src/cleanup/cleanup_message.c b/postfix/src/cleanup/cleanup_message.c index 07dfa161b..495203bb3 100644 --- a/postfix/src/cleanup/cleanup_message.c +++ b/postfix/src/cleanup/cleanup_message.c @@ -779,7 +779,7 @@ static void cleanup_header_done_callback(void *context) } if (token) { tok822_externalize(state->temp2, token, TOK822_STR_NONE); - tok822_free(token); + tok822_free_tree(token); vstring_strcat(state->temp2, " "); } vstring_sprintf_append(state->temp2, "<%s>", diff --git a/postfix/src/global/dict_mysql.c b/postfix/src/global/dict_mysql.c index 735e1959c..58f800531 100644 --- a/postfix/src/global/dict_mysql.c +++ b/postfix/src/global/dict_mysql.c @@ -798,6 +798,9 @@ static void mysql_parse_config(DICT_MYSQL *dict_mysql, const char *mysqlcf) msg_info("%s: %s: no hostnames specified, defaulting to '%s'", myname, mysqlcf, dict_mysql->hosts->argv[0]); } + /* Don't blacklist the load balancer! */ + if (dict_mysql->hosts->argc == 1) + argv_add(dict_mysql->hosts, dict_mysql->hosts->argv[0], (char *) 0); myfree(hosts); } diff --git a/postfix/src/global/dict_pgsql.c b/postfix/src/global/dict_pgsql.c index 8eac25606..c367549c3 100644 --- a/postfix/src/global/dict_pgsql.c +++ b/postfix/src/global/dict_pgsql.c @@ -776,6 +776,9 @@ static void pgsql_parse_config(DICT_PGSQL *dict_pgsql, const char *pgsqlcf) msg_info("%s: %s: no hostnames specified, defaulting to '%s'", myname, pgsqlcf, dict_pgsql->hosts->argv[0]); } + /* Don't blacklist the load balancer! */ + if (dict_pgsql->hosts->argc == 1) + argv_add(dict_pgsql->hosts, dict_pgsql->hosts->argv[0], (char *) 0); myfree(hosts); } diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index c579ef0c7..7f857b035 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -1650,7 +1650,7 @@ extern bool var_smtp_tls_force_tlsa; /* SMTP only */ #define VAR_SMTP_TLS_INSECURE_MX_POLICY "smtp_tls_dane_insecure_mx_policy" -#define DEF_SMTP_TLS_INSECURE_MX_POLICY "${{$smtp_tls_security_level} == {dane} ? {dane} : {may}}" +#define DEF_SMTP_TLS_INSECURE_MX_POLICY "dane" extern char *var_smtp_tls_insecure_mx_policy; /* diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index b2a4aed75..5977e1a8c 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20241204" -#define MAIL_VERSION_NUMBER "3.7.12" +#define MAIL_RELEASE_DATE "20250216" +#define MAIL_VERSION_NUMBER "3.7.13" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff --git a/postfix/src/global/smtputf8.h b/postfix/src/global/smtputf8.h index 95d658356..91f0b8ec9 100644 --- a/postfix/src/global/smtputf8.h +++ b/postfix/src/global/smtputf8.h @@ -99,6 +99,11 @@ extern int smtputf8_autodetect(int); #define SMTPUTF8_FLAG_SENDER (1<<2) /* queue file/delivery/bounce request */ #define SMTPUTF8_FLAG_RECIPIENT (1<<3) /* delivery request only */ +#define SMTPUTF8_FLAG_ALL (SMTPUTF8_FLAG_REQUESTED \ + | SMTPUTF8_FLAG_HEADER \ + | SMTPUTF8_FLAG_SENDER \ + | SMTPUTF8_FLAG_RECIPIENT) + /* LICENSE /* .ad /* .fi diff --git a/postfix/src/oqmgr/Makefile.in b/postfix/src/oqmgr/Makefile.in index 593042b28..ab841d13e 100644 --- a/postfix/src/oqmgr/Makefile.in +++ b/postfix/src/oqmgr/Makefile.in @@ -285,6 +285,7 @@ qmgr_message.o: ../../include/resolve_clnt.h qmgr_message.o: ../../include/rewrite_clnt.h qmgr_message.o: ../../include/scan_dir.h qmgr_message.o: ../../include/sent.h +qmgr_message.o: ../../include/smtputf8.h qmgr_message.o: ../../include/split_addr.h qmgr_message.o: ../../include/split_at.h qmgr_message.o: ../../include/stringops.h diff --git a/postfix/src/oqmgr/qmgr_message.c b/postfix/src/oqmgr/qmgr_message.c index b885264a2..fda3ee55f 100644 --- a/postfix/src/oqmgr/qmgr_message.c +++ b/postfix/src/oqmgr/qmgr_message.c @@ -137,6 +137,7 @@ #include #include #include +#include /* Client stubs. */ @@ -562,6 +563,8 @@ static int qmgr_message_read(QMGR_MESSAGE *message) rec_type = REC_TYPE_ERROR; break; } + /* Forward compatibility. */ + message->smtputf8 &= SMTPUTF8_FLAG_ALL; } else if (count == 1) { /* Postfix < 1.0 (a.k.a. 20010228). */ qmgr_message_oldstyle_scan(message); diff --git a/postfix/src/qmgr/Makefile.in b/postfix/src/qmgr/Makefile.in index 79d92b2f3..935b7ff21 100644 --- a/postfix/src/qmgr/Makefile.in +++ b/postfix/src/qmgr/Makefile.in @@ -301,6 +301,7 @@ qmgr_message.o: ../../include/rewrite_clnt.h qmgr_message.o: ../../include/sane_time.h qmgr_message.o: ../../include/scan_dir.h qmgr_message.o: ../../include/sent.h +qmgr_message.o: ../../include/smtputf8.h qmgr_message.o: ../../include/split_addr.h qmgr_message.o: ../../include/split_at.h qmgr_message.o: ../../include/stringops.h diff --git a/postfix/src/qmgr/qmgr_message.c b/postfix/src/qmgr/qmgr_message.c index 79143f3d3..9ae9cdd55 100644 --- a/postfix/src/qmgr/qmgr_message.c +++ b/postfix/src/qmgr/qmgr_message.c @@ -146,6 +146,7 @@ #include #include #include +#include /* Client stubs. */ @@ -603,6 +604,8 @@ static int qmgr_message_read(QMGR_MESSAGE *message) rec_type = REC_TYPE_ERROR; break; } + /* Forward compatibility. */ + message->smtputf8 &= SMTPUTF8_FLAG_ALL; } else if (count == 1) { /* Postfix < 1.0 (a.k.a. 20010228). */ qmgr_message_oldstyle_scan(message); diff --git a/postfix/src/smtp/smtp.c b/postfix/src/smtp/smtp.c index 791ec89e7..75e7e0c91 100644 --- a/postfix/src/smtp/smtp.c +++ b/postfix/src/smtp/smtp.c @@ -426,9 +426,7 @@ /* Detailed information about STARTTLS configuration may be found /* in the TLS_README document. /* .IP "\fBsmtp_tls_security_level (empty)\fR" -/* The default SMTP TLS security level for the Postfix SMTP client; -/* when a non-empty value is specified, this overrides the obsolete -/* parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername. +/* The default SMTP TLS security level for the Postfix SMTP client. /* .IP "\fBsmtp_sasl_tls_security_options ($smtp_sasl_security_options)\fR" /* The SASL authentication security options that the Postfix SMTP /* client uses for TLS encrypted SMTP sessions. @@ -561,10 +559,10 @@ /* Available in Postfix version 3.0 and later: /* .IP "\fBsmtp_tls_wrappermode (no)\fR" /* Request that the Postfix SMTP client connects using the -/* legacy SMTPS protocol instead of using the STARTTLS command. +/* SUBMISSIONS/SMTPS protocol instead of using the STARTTLS command. /* .PP /* Available in Postfix version 3.1 and later: -/* .IP "\fBsmtp_tls_dane_insecure_mx_policy (see 'postconf -d' output)\fR" +/* .IP "\fBsmtp_tls_dane_insecure_mx_policy (dane)\fR" /* The TLS policy for MX hosts with "secure" TLSA records when the /* nexthop destination security level is \fBdane\fR, but the MX /* record was found via an "insecure" MX lookup. @@ -727,7 +725,7 @@ /* Preliminary SMTPUTF8 support is introduced with Postfix 3.0. /* .IP "\fBsmtputf8_enable (yes)\fR" /* Enable preliminary SMTPUTF8 support for the protocols described -/* in RFC 6531..6533. +/* in RFC 6531, RFC 6532, and RFC 6533. /* .IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR" /* Detect that a message requires SMTPUTF8 support for the specified /* mail origin classes. diff --git a/postfix/src/tls/tls_misc.c b/postfix/src/tls/tls_misc.c index 00ce10fb4..ad516f74c 100644 --- a/postfix/src/tls/tls_misc.c +++ b/postfix/src/tls/tls_misc.c @@ -660,9 +660,9 @@ void tls_param_init(void) VAR_TLS_LOW_CLIST, DEF_TLS_LOW_CLIST, &var_tls_low_clist, 1, 0, VAR_TLS_EXPORT_CLIST, DEF_TLS_EXPORT_CLIST, &var_tls_export_clist, 1, 0, VAR_TLS_NULL_CLIST, DEF_TLS_NULL_CLIST, &var_tls_null_clist, 1, 0, - VAR_TLS_EECDH_AUTO, DEF_TLS_EECDH_AUTO, &var_tls_eecdh_auto, 1, 0, - VAR_TLS_EECDH_STRONG, DEF_TLS_EECDH_STRONG, &var_tls_eecdh_strong, 1, 0, - VAR_TLS_EECDH_ULTRA, DEF_TLS_EECDH_ULTRA, &var_tls_eecdh_ultra, 1, 0, + VAR_TLS_EECDH_AUTO, DEF_TLS_EECDH_AUTO, &var_tls_eecdh_auto, 0, 0, + VAR_TLS_EECDH_STRONG, DEF_TLS_EECDH_STRONG, &var_tls_eecdh_strong, 0, 0, + VAR_TLS_EECDH_ULTRA, DEF_TLS_EECDH_ULTRA, &var_tls_eecdh_ultra, 0, 0, VAR_TLS_BUG_TWEAKS, DEF_TLS_BUG_TWEAKS, &var_tls_bug_tweaks, 0, 0, VAR_TLS_SSL_OPTIONS, DEF_TLS_SSL_OPTIONS, &var_tls_ssl_options, 0, 0, VAR_TLS_DANE_DIGESTS, DEF_TLS_DANE_DIGESTS, &var_tls_dane_digests, 1, 0, @@ -1050,6 +1050,12 @@ void tls_get_signature_params(TLS_SESS_STATE *TLScontext) kex_name = OBJ_nid2sn(EVP_PKEY_type(nid)); break; +#if defined(EVP_PKEY_KEYMGMT) + case EVP_PKEY_KEYMGMT: + kex_name = EVP_PKEY_get0_type_name(dh_pkey); + break; +#endif + case EVP_PKEY_DH: kex_name = "DHE"; TLScontext->kex_bits = EVP_PKEY_bits(dh_pkey); @@ -1062,8 +1068,17 @@ void tls_get_signature_params(TLS_SESS_STATE *TLScontext) break; #endif } - EVP_PKEY_free(dh_pkey); } + if (kex_name) { + TLScontext->kex_name = mystrdup(kex_name); + TLScontext->kex_curve = kex_curve; + } + /* Not a problem if NULL */ + EVP_PKEY_free(dh_pkey); + + /* Resumption makes no use of signature keys or digests */ + if (TLScontext->session_reused) + return; /* * On the client end, the certificate may be preset, but not used, so we @@ -1084,12 +1099,19 @@ void tls_get_signature_params(TLS_SESS_STATE *TLScontext) * the more familiar name. For "RSA" keys report "RSA-PSS", which * must be used with TLS 1.3. */ - if ((nid = EVP_PKEY_type(EVP_PKEY_id(local_pkey))) != NID_undef) { + if ((nid = EVP_PKEY_id(local_pkey)) != NID_undef) { switch (nid) { default: - locl_sig_name = OBJ_nid2sn(nid); + if ((nid = EVP_PKEY_type(nid)) != NID_undef) + locl_sig_name = OBJ_nid2sn(nid); break; +#if defined(EVP_PKEY_KEYMGMT) + case EVP_PKEY_KEYMGMT: + locl_sig_name = EVP_PKEY_get0_type_name(local_pkey); + break; +#endif + case EVP_PKEY_RSA: /* For RSA, TLS 1.3 mandates PSS signatures */ locl_sig_name = "RSA-PSS"; @@ -1112,6 +1134,13 @@ void tls_get_signature_params(TLS_SESS_STATE *TLScontext) */ if (SSL_get_signature_nid(ssl, &nid) && nid != NID_undef) locl_sig_dgst = OBJ_nid2sn(nid); + + if (locl_sig_name) { + SIG_PROP(TLScontext, srvr, name) = mystrdup(locl_sig_name); + SIG_PROP(TLScontext, srvr, curve) = locl_sig_curve; + if (locl_sig_dgst) + SIG_PROP(TLScontext, srvr, dgst) = mystrdup(locl_sig_dgst); + } } /* Signature algorithms for the peer end of the connection */ if ((peer_cert = TLS_PEEK_PEER_CERT(ssl)) != 0) { @@ -1122,12 +1151,19 @@ void tls_get_signature_params(TLS_SESS_STATE *TLScontext) * the more familiar name. For "RSA" keys report "RSA-PSS", which * must be used with TLS 1.3. */ - if ((nid = EVP_PKEY_type(EVP_PKEY_id(peer_pkey))) != NID_undef) { + if ((nid = EVP_PKEY_id(peer_pkey)) != NID_undef) { switch (nid) { default: - peer_sig_name = OBJ_nid2sn(nid); + if ((nid = EVP_PKEY_type(nid)) != NID_undef) + peer_sig_name = OBJ_nid2sn(nid); break; +#if defined(EVP_PKEY_KEYMGMT) + case EVP_PKEY_KEYMGMT: + peer_sig_name = EVP_PKEY_get0_type_name(peer_pkey); + break; +#endif + case EVP_PKEY_RSA: /* For RSA, TLS 1.3 mandates PSS signatures */ peer_sig_name = "RSA-PSS"; @@ -1150,24 +1186,14 @@ void tls_get_signature_params(TLS_SESS_STATE *TLScontext) if (SSL_get_peer_signature_nid(ssl, &nid) && nid != NID_undef) peer_sig_dgst = OBJ_nid2sn(nid); + if (peer_sig_name) { + SIG_PROP(TLScontext, !srvr, name) = mystrdup(peer_sig_name); + SIG_PROP(TLScontext, !srvr, curve) = peer_sig_curve; + if (peer_sig_dgst) + SIG_PROP(TLScontext, !srvr, dgst) = mystrdup(peer_sig_dgst); + } TLS_FREE_PEER_CERT(peer_cert); } - if (kex_name) { - TLScontext->kex_name = mystrdup(kex_name); - TLScontext->kex_curve = kex_curve; - } - if (locl_sig_name) { - SIG_PROP(TLScontext, srvr, name) = mystrdup(locl_sig_name); - SIG_PROP(TLScontext, srvr, curve) = locl_sig_curve; - if (locl_sig_dgst) - SIG_PROP(TLScontext, srvr, dgst) = mystrdup(locl_sig_dgst); - } - if (peer_sig_name) { - SIG_PROP(TLScontext, !srvr, name) = mystrdup(peer_sig_name); - SIG_PROP(TLScontext, !srvr, curve) = peer_sig_curve; - if (peer_sig_dgst) - SIG_PROP(TLScontext, !srvr, dgst) = mystrdup(peer_sig_dgst); - } } /* tls_log_summary - TLS loglevel 1 one-liner, embellished with TLS 1.3 details */ diff --git a/postfix/src/util/peekfd.c b/postfix/src/util/peekfd.c index e9480a2d6..420a92b05 100644 --- a/postfix/src/util/peekfd.c +++ b/postfix/src/util/peekfd.c @@ -39,6 +39,9 @@ #include #include +#ifdef SUNOS5 +#include /* shutdown(2) */ +#endif #ifdef FIONREAD_IN_SYS_FILIO_H #include #endif