
postfix-3.2-20170101

Wietse Venema
2017-01-01 00:00:00 -05:00
committed by Viktor Dukhovni
parent 730db84450
commit 2ff8ee0764
8 changed files with 28 additions and 26 deletions


@@ -20360,7 +20360,7 @@ Apologies for any names omitted.
value was specified, i.e. print the entire string. This was value was specified, i.e. print the entire string. This was
not harmful, it just looked weird. File: util/vbuf_print.c. not harmful, it just looked weird. File: util/vbuf_print.c.
20120917 20140917
Feature: RFC 7372 enhanced status code for unknown SMTP Feature: RFC 7372 enhanced status code for unknown SMTP
client hostnames. File: smtpd/smtpd_check.c client hostnames. File: smtpd/smtpd_check.c
@@ -22140,14 +22140,14 @@ Apologies for any names omitted.
Portability: added a tls_random_source default setting for Portability: added a tls_random_source default setting for
MacOS X. Viktor Dukhovni. File: util/sys_defs.h. MacOS X. Viktor Dukhovni. File: util/sys_defs.h.
20150118 20160118
Bitrot: OpenSSL 1.1.0-dev (aka the "master" branch) has new Bitrot: OpenSSL 1.1.0-dev (aka the "master" branch) has new
security levels ranging from 0 to 5. Level "0" is backwards security levels ranging from 0 to 5. Level "0" is backwards
compatible, and other levels are increasingly restrictive. compatible, and other levels are increasingly restrictive.
Viktor Dukhovni. Files: tls/tls_server.c, tls/tls_client.c. Viktor Dukhovni. Files: tls/tls_server.c, tls/tls_client.c.
20161205 20160205
Portability: Postfix TLS support uses /dev/urandom if Portability: Postfix TLS support uses /dev/urandom if
available and no system-specific setting exists in sys_defs.h. available and no system-specific setting exists in sys_defs.h.
@@ -22368,7 +22368,7 @@ Apologies for any names omitted.
milter/milter.h, smtpd/smtpd.c, smtpd/smtpd.h, smtpd/smtpd_check.c, milter/milter.h, smtpd/smtpd.c, smtpd/smtpd.h, smtpd/smtpd_check.c,
smtpd/smtpd_haproxy.c, smtpd/smtpd_milter.c, smtpd/smtpd_peer.c. smtpd/smtpd_haproxy.c, smtpd/smtpd_milter.c, smtpd/smtpd_peer.c.
20140612 20160612
Bugfix (introduced: 20090211): missing server address Bugfix (introduced: 20090211): missing server address
conversion for non-proxy, non-postscreen connections. File: conversion for non-proxy, non-postscreen connections. File:
@@ -22605,7 +22605,7 @@ Apologies for any names omitted.
passing arbitrary options. Files: makedefs, Makefile.in, passing arbitrary options. Files: makedefs, Makefile.in,
proto/INSTALL.html. proto/INSTALL.html.
20121201 20161201
Documentation: add 'smtpd_tls_auth_only=yes' to the master.cf Documentation: add 'smtpd_tls_auth_only=yes' to the master.cf
submission service example. File: conf/master.cf. submission service example. File: conf/master.cf.
@@ -22615,7 +22615,7 @@ Apologies for any names omitted.
Documentation: typos in postconf(1) manpage. File: Documentation: typos in postconf(1) manpage. File:
postconf/postconf.c. postconf/postconf.c.
20121204 20161204
Cleanup: properly report numerical conversion errors in Cleanup: properly report numerical conversion errors in
${{number} relational-operator ${number}}, and wordsmithing. ${{number} relational-operator ${number}}, and wordsmithing.
@@ -22737,3 +22737,15 @@ Apologies for any names omitted.
cidr, pcre, and regexp table when an input does not match cidr, pcre, and regexp table when an input does not match
an ENDIF-less IF operator. Found during code maintenance. an ENDIF-less IF operator. Found during code maintenance.
File: util/cidr_map.c, util/dict_regexp.c, util/dict_pcre.c. File: util/cidr_map.c, util/dict_regexp.c, util/dict_pcre.c.
20170101
Portability; SunOS5 builds broke after moving the sys/types.h
include statement to the top of sys_defs.h.
Portability: declaration after code is GNU dialect. File:
util/vbuf_print.c.
Portability: compatibility macros for SSLv23_client_method()
etc. deprecation. Files: tls/tls.h, tls/tls_client.c,
tls/tls_dane.c, tls_server.c.


@@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no * Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only. * patchlevel; they change the release date only.
*/ */
#define MAIL_RELEASE_DATE "20161231" #define MAIL_RELEASE_DATE "20170101"
#define MAIL_VERSION_NUMBER "3.2" #define MAIL_VERSION_NUMBER "3.2"
#ifdef SNAPSHOT #ifdef SNAPSHOT


@@ -104,6 +104,9 @@ extern const char *str_tls_level(int);
#define ASN1_STRING_get0_data ASN1_STRING_data #define ASN1_STRING_get0_data ASN1_STRING_data
#define X509_getm_notBefore X509_get_notBefore #define X509_getm_notBefore X509_get_notBefore
#define X509_getm_notAfter X509_get_notAfter #define X509_getm_notAfter X509_get_notAfter
#define TLS_method SSLv23_method
#define TLS_client_method SSLv23_client_method
#define TLS_server_method SSLv23_server_method
#endif #endif
/* SSL_CIPHER_get_name() got constified in 0.9.7g */ /* SSL_CIPHER_get_name() got constified in 0.9.7g */
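Review bot: The three new aliases `TLS_method`, `TLS_client_method` and `TLS_server_method` carry no comment saying that on this branch of the conditional they resolve to the version-flexible SSLv23_* methods, so a reader of the call sites may assume the name itself limits negotiation to TLS. I would add above them `/* Older OpenSSL: the version-flexible methods are still named SSLv23_*; protocol versions are restricted with SSL_CTX options, not by the method name. */`. The `#if` that opens this compatibility block starts outside the hunk, so the exact version guard should be confirmed against it.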


@@ -350,17 +350,9 @@ TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_PROPS *props)
* we want to be as compatible as possible, so we will start off with a * we want to be as compatible as possible, so we will start off with a
* SSLv2 greeting allowing the best we can offer: TLSv1. We can restrict * SSLv2 greeting allowing the best we can offer: TLSv1. We can restrict
* this with the options setting later, anyhow. * this with the options setting later, anyhow.
*
* OpenSSL 1.1.0-dev deprecates SSLv23_client_method() in favour of
* TLS_client_method(), with the change in question signalled via a new
* TLS_ANY_VERSION macro.
*/ */
ERR_clear_error(); ERR_clear_error();
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && defined(TLS_ANY_VERSION)
client_ctx = SSL_CTX_new(TLS_client_method()); client_ctx = SSL_CTX_new(TLS_client_method());
#else
client_ctx = SSL_CTX_new(SSLv23_client_method());
#endif
if (client_ctx == 0) { if (client_ctx == 0) {
msg_warn("cannot allocate client SSL_CTX: disabling TLS support"); msg_warn("cannot allocate client SSL_CTX: disabling TLS support");
tls_print_errors(); tls_print_errors();
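Review bot: The retained comment above `SSL_CTX_new(TLS_client_method())` in tls_client_init still talks about an "SSLv2 greeting allowing the best we can offer: TLSv1", which reads as stale next to the call it now documents; the "SSLv23 server" wording kept in the tls_server_init section has the same problem. With the version conditional and its explanation removed, that comment is the only place the method choice is described. It should state that the method is version-flexible and that the permitted protocol range is set by the options applied later, for example `* Use the version-flexible method; the protocol range is restricted with the options setting later.` Both function bodies continue outside their hunks.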


@@ -2138,7 +2138,7 @@ static SSL_CTX *ctx_init(const char *CAfile)
msg_fatal("Cannot allocate SSL application data index"); msg_fatal("Cannot allocate SSL application data index");
ERR_clear_error(); ERR_clear_error();
if ((client_ctx = SSL_CTX_new(SSLv23_client_method())) == 0) if ((client_ctx = SSL_CTX_new(TLS_client_method())) == 0)
msg_fatal("cannot allocate client SSL_CTX"); msg_fatal("cannot allocate client SSL_CTX");
SSL_CTX_set_verify_depth(client_ctx, 5); SSL_CTX_set_verify_depth(client_ctx, 5);
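Review bot: When `SSL_CTX_new()` fails in ctx_init, control goes straight to `msg_fatal()`, so the OpenSSL error queue that `ERR_clear_error()` has just reset is never logged. The tls_client_init path on this page calls `tls_print_errors()` for the same failure. Assuming that helper is visible in this file, consider `if ((client_ctx = SSL_CTX_new(TLS_client_method())) == 0) { tls_print_errors(); msg_fatal("cannot allocate client SSL_CTX"); }`. The verify depth `5` on the following line is an unexplained constant and would benefit from a short comment. ctx_init starts and ends outside the hunk.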


@@ -441,17 +441,9 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props)
* SSLv2), so we need to have the SSLv23 server here. If we want to limit * SSLv2), so we need to have the SSLv23 server here. If we want to limit
* the protocol level, we can add an option to not use SSLv2/v3/TLSv1 * the protocol level, we can add an option to not use SSLv2/v3/TLSv1
* later. * later.
*
* OpenSSL 1.1.0-dev deprecates SSLv23_server_method() in favour of
* TLS_client_method(), with the change in question signalled via a new
* TLS_ANY_VERSION macro.
*/ */
ERR_clear_error(); ERR_clear_error();
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && defined(TLS_ANY_VERSION)
server_ctx = SSL_CTX_new(TLS_server_method()); server_ctx = SSL_CTX_new(TLS_server_method());
#else
server_ctx = SSL_CTX_new(SSLv23_server_method());
#endif
if (server_ctx == 0) { if (server_ctx == 0) {
msg_warn("cannot allocate server SSL_CTX: disabling TLS support"); msg_warn("cannot allocate server SSL_CTX: disabling TLS support");
tls_print_errors(); tls_print_errors();


@@ -19,6 +19,9 @@
* directory. Adding support for a new system type means updating the * directory. Adding support for a new system type means updating the
* makedefs script, and adding a section below for the new system. * makedefs script, and adding a section below for the new system.
*/ */
#ifdef SUNOS5
#define _SVID_GETTOD /* Solaris 2.5, XSH4.2 versus SVID */
#endif
#include <sys/types.h> #include <sys/types.h>
/* /*
@@ -412,7 +415,6 @@ extern int opterr;
*/ */
#ifdef SUNOS5 #ifdef SUNOS5
#define SUPPORTED #define SUPPORTED
#define _SVID_GETTOD /* Solaris 2.5, XSH4.2 versus SVID */
#define UINT32_TYPE unsigned int #define UINT32_TYPE unsigned int
#define UINT16_TYPE unsigned short #define UINT16_TYPE unsigned short
#define MISSING_SETENV #define MISSING_SETENV
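Review bot: The new `#ifdef SUNOS5` block that defines `_SVID_GETTOD` ahead of `#include <sys/types.h>` has no comment explaining that its position matters. The changelog entry in this same commit records that SunOS5 builds broke once the include was moved to the top of the file. A line such as `/* Must be defined before the first system header is included; see the 20170101 changelog entry. */` would keep a later cleanup from folding the define back into the SUNOS5 section further down, where the second hunk removes it.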


@@ -105,8 +105,9 @@
*/ */
#ifndef NO_SNPRINTF #ifndef NO_SNPRINTF
#define VBUF_SNPRINTF(bp, sz, fmt, arg) do { \ #define VBUF_SNPRINTF(bp, sz, fmt, arg) do { \
ssize_t _ret; \
VBUF_SPACE((bp), (sz)); \ VBUF_SPACE((bp), (sz)); \
ssize_t _ret = snprintf((char *) (bp)->ptr, (bp)->cnt, (fmt), (arg)); \ _ret = snprintf((char *) (bp)->ptr, (bp)->cnt, (fmt), (arg)); \
if (_ret < 0) \ if (_ret < 0) \
msg_panic("%s: output error for '%s'", myname, (fmt)); \ msg_panic("%s: output error for '%s'", myname, (fmt)); \
if (_ret >= (bp)->cnt) \ if (_ret >= (bp)->cnt) \