From 964d4b3048fffff055d02818ae4665e94bced56e Mon Sep 17 00:00:00 2001
From: Wietse Venema
Date: Mon, 17 Jan 2011 00:00:00 -0500
Subject: [PATCH] postfix-2.9-20110117
---
postfix/HISTORY | 22 +++++++++++++++++
postfix/RELEASE_NOTES-2.8 | 30 +++++++++++++++++++----
postfix/WISHLIST | 9 +++++++
postfix/html/postconf.5.html | 8 +++---
postfix/man/man5/postconf.5 | 7 +++---
postfix/proto/postconf.proto | 8 +++---
postfix/src/global/mail_params.h | 8 ------
postfix/src/global/mail_version.h | 2 +-
postfix/src/postscreen/postscreen.c | 17 +++++++++----
postfix/src/postscreen/postscreen.h | 6 ++---
postfix/src/postscreen/postscreen_state.c | 4 +--
postfix/src/tlsproxy/tlsproxy.c | 2 +-
postfix/src/util/sys_defs.h | 12 ++++++++-
postfix/src/util/watchdog.c | 1 +
14 files changed, 98 insertions(+), 38 deletions(-)
diff --git a/postfix/HISTORY b/postfix/HISTORY
index 5551d5577..fb9db51c4 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -16471,3 +16471,25 @@ Apologies for any names omitted.
Cleanup: documentation, in preparation for the Postfix 2.8
stable release.
+
+20110117
+
+ Bugfix (introduced Postfix alpha, or thereabouts): on HP-UX
+ the Postfix event engine was deaf for SIGALRM signals.
+ Symptoms were killed processes when the watchdog timeout
+ was less than max_idle. The fix is the same as Solaris fix
+ 20110109. Since we can't know what other systems need this,
+ the workaround is enabled by default. Files: util/sys_defs.h.
+
+ Cleanup: "smtpd_tls_eecdh_grade = strong" by default, instead
+ of snapshot-only. File: global/mail_params.h, proto/postconf.proto.
+
+ Cleanup: missing "#include " in util/watchdog.c.
+
+ Bugfix: when compiled without -DUSE_TLS, tlsproxy used the
+ wrong server skeleton (multi_server instead of event_server).
+ File: tlsproxy/tlsproxy.c.
+
+ Workaround: added a panic check for code that is mis-compiled
+ by the HP-UX compiler. File: postscreen/postscreen.c,
+ postscreen/postscreen.h, postscreen/postscreen_state.c.
diff --git a/postfix/RELEASE_NOTES-2.8 b/postfix/RELEASE_NOTES-2.8
index 632904bf0..536b59576 100644
--- a/postfix/RELEASE_NOTES-2.8
+++ b/postfix/RELEASE_NOTES-2.8
@@ -14,6 +14,31 @@ specifies the release date of a stable release or snapshot release.
If you upgrade from Postfix 2.6 or earlier, read RELEASE_NOTES-2.7
before proceeding.
+Major changes - restart Postfix
+-------------------------------
+
+If you upgrade from Postfix 2.6 or earlier, you must execute "postfix
+stop" and "postfix start" before you can use the postscreen(8)
+daemon. This is needed because the Postfix 2.6 "pass" master service
+type did not work reliably on some systems.
+
+If you upgrade from Postfix 2.7, or from Postfix 2.8 before July
+25, 2010, you must execute "postfix reload" (or "postfix stop"
+followed by "postfix start"). This is needed because the queue
+manager to delivery agent protocol has changed. Failure to do this
+results in repeated logging of warnings with:
+
+ warning: unexpected attribute rewrite_context ...
+
+If the warning does not go away after restarting Postfix, examine
+the output from this command:
+
+ strings -af /usr/libexec/postfix/* | grep mail_version=
+
+(where /usr/libexec/postfix is the value of main.cf:daemon_directory)
+and update the executables that have a version string that differs
+from the other programs.
+
Major changes - DNSBL/DNSWL support
-----------------------------------
@@ -324,11 +349,6 @@ parameter specifies how long to keep an expired entry in the cache.
This prevents a client from being logged as "NEW" after its record
expired only a little while ago.
-[Incompat 20091008] If you upgrade from Postfix 2.6 or earlier, you
-must stop and start the Postfix master daemon before you can use
-the postscreen(8) daemon. This is needed because the Postfix 2.6
-"pass" master service type did not work reliably on some systems.
-
[Feature 20091008] Prototype postscreen(8) server that runs a number
of time-consuming checks in parallel for all incoming SMTP connections,
before clients are allowed to talk to a real Postfix SMTP server.
diff --git a/postfix/WISHLIST b/postfix/WISHLIST
index 7004a33b3..7421706fd 100644
--- a/postfix/WISHLIST
+++ b/postfix/WISHLIST
@@ -6,6 +6,15 @@ Wish list:
Things to do after the stable release:
+ events.c: cache the side effects of file descriptor event
+ enable/disable operations in user space, and do bulk kernel
+ updates at event_loop() time. This can eliminate costly
+ system calls with successive event disable/enable operations
+ on the same file descriptor. This can also eliminate the
+ need for tricky code that tries to avoid the expense of
+ successive disable/enable operations. Such code is likely
+ to introduce bugs.
+
When does it pay off to send domains in the active queue
to a DNS prefetch daemon? Could this generalize to a dynamic
transport map that piggy-backs domains with the same MX
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index b879d0a45..548eb615f 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -14177,14 +14177,14 @@ Diffie-Hellman (EECDH) key exchange.
- none
- Don't use EECDH. Ciphers based on EECDH key
-exchange will be disabled. This is the default in official Postfix
-releases (mail_version = major.minor.patchlevel).
+exchange will be disabled. This is the default in Postfix versions
+2.6 and 2.7.
- strong
- Use EECDH with approximately 128
bits of security at a reasonable computational cost. This is the
current best-practice trade-off between security and computational
-efficiency. This is the default in Postfix snapshot releases
-(mail_version = major.minor-releasedate).
+efficiency. This is the default in Postfix version 2.8 and later.
+
- ultra
- Use EECDH with approximately 192 bits of
security at computational cost that is approximately twice as high
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index 994b6b3ef..ac9bfab21 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -8988,14 +8988,13 @@ Diffie-Hellman (EECDH) key exchange.
The available choices are:
.IP "\fBnone\fR"
Don't use EECDH. Ciphers based on EECDH key
-exchange will be disabled. This is the default in official Postfix
-releases (mail_version = major.minor.patchlevel).
+exchange will be disabled. This is the default in Postfix versions
+2.6 and 2.7.
.IP "\fBstrong\fR"
Use EECDH with approximately 128
bits of security at a reasonable computational cost. This is the
current best-practice trade-off between security and computational
-efficiency. This is the default in Postfix snapshot releases
-(mail_version = major.minor-releasedate).
+efficiency. This is the default in Postfix version 2.8 and later.
.IP "\fBultra\fR"
Use EECDH with approximately 192 bits of
security at computational cost that is approximately twice as high
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index 4e6df6662..3797966c6 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -11739,14 +11739,14 @@ Diffie-Hellman (EECDH) key exchange.
- none
- Don't use EECDH. Ciphers based on EECDH key
-exchange will be disabled. This is the default in official Postfix
-releases (mail_version = major.minor.patchlevel).
+exchange will be disabled. This is the default in Postfix versions
+2.6 and 2.7.
- strong
- Use EECDH with approximately 128
bits of security at a reasonable computational cost. This is the
current best-practice trade-off between security and computational
-efficiency. This is the default in Postfix snapshot releases
-(mail_version = major.minor-releasedate).
+efficiency. This is the default in Postfix version 2.8 and later.
+
- ultra
- Use EECDH with approximately 192 bits of
security at computational cost that is approximately twice as high
diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h
index 61f914c06..15d6394b7 100644
--- a/postfix/src/global/mail_params.h
+++ b/postfix/src/global/mail_params.h
@@ -1281,11 +1281,7 @@ extern char *var_smtpd_tls_dh512_param_file;
extern char *var_smtpd_tls_dh1024_param_file;
#define VAR_SMTPD_TLS_EECDH "smtpd_tls_eecdh_grade"
-#ifdef SNAPSHOT
#define DEF_SMTPD_TLS_EECDH "strong"
-#else
-#define DEF_SMTPD_TLS_EECDH "none"
-#endif
extern char *var_smtpd_tls_eecdh;
#define VAR_SMTPD_TLS_LOGLEVEL "smtpd_tls_loglevel"
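Review bot: With the `#ifdef SNAPSHOT` split removed, `DEF_SMTPD_TLS_EECDH` carries no record that this default differs from earlier stable releases. The documentation changes in this same patch state that "none" was the default in Postfix 2.6 and 2.7 and "strong" is the default from 2.8 on. I would put that next to the define, for example `/* "strong" since Postfix 2.8; 2.6 and 2.7 defaulted to "none" */`. The second hunk in this file is affected too: `DEF_TLSP_TLS_EECDH` expands to `"$" VAR_SMTPD_TLS_EECDH`, so the tlsproxy default follows this value, and a short comment there saying it inherits the smtpd setting would help a reader auditing TLS defaults.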
@@ -3557,11 +3553,7 @@ extern char *var_tlsp_tls_dh512_param_file;
extern char *var_tlsp_tls_dh1024_param_file;
#define VAR_TLSP_TLS_EECDH "tlsproxy_tls_eecdh_grade"
-#ifdef SNAPSHOT
#define DEF_TLSP_TLS_EECDH "$" VAR_SMTPD_TLS_EECDH
-#else
-#define DEF_TLSP_TLS_EECDH "$" VAR_SMTPD_TLS_EECDH
-#endif
extern char *var_tlsp_tls_eecdh;
#define VAR_TLSP_TLS_LOGLEVEL "tlsproxy_tls_loglevel"
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index a766bc151..ef4fa9b38 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20110116"
+#define MAIL_RELEASE_DATE "20110117"
#define MAIL_VERSION_NUMBER "2.9"
#ifdef SNAPSHOT
diff --git a/postfix/src/postscreen/postscreen.c b/postfix/src/postscreen/postscreen.c
index dd3927130..8df426924 100644
--- a/postfix/src/postscreen/postscreen.c
+++ b/postfix/src/postscreen/postscreen.c
@@ -487,8 +487,8 @@ int psc_normal_greet_wait; /* stressed greet wait */
int psc_stress_cmd_time_limit; /* stressed command limit */
int psc_normal_cmd_time_limit; /* normal command time limit */
int psc_stress; /* stress level */
-int psc_check_queue_length_lowat; /* stress low-water mark */
-int psc_check_queue_length_hiwat; /* stress high-water mark */
+int psc_lowat_check_queue_length; /* stress low-water mark */
+int psc_hiwat_check_queue_length; /* stress high-water mark */
DICT *psc_dnsbl_reply; /* DNSBL name mapper */
HTABLE *psc_client_concurrency; /* per-client concurrency */
@@ -1048,12 +1048,19 @@ static void post_jail_init(char *unused_name, char **unused_argv)
psc_normal_greet_wait =
get_mail_conf_time(VAR_PSC_GREET_WAIT, DEF_PSC_GREET_WAIT, 1, 0);
- psc_check_queue_length_lowat = .7 * var_psc_pre_queue_limit;
- psc_check_queue_length_hiwat = .9 * var_psc_pre_queue_limit;
+ psc_lowat_check_queue_length = .7 * var_psc_pre_queue_limit;
+ psc_hiwat_check_queue_length = .9 * var_psc_pre_queue_limit;
if (msg_verbose)
msg_info(VAR_PSC_CMD_TIME ": stress=%d normal=%d lowat=%d hiwat=%d",
psc_stress_cmd_time_limit, psc_normal_cmd_time_limit,
- psc_check_queue_length_lowat, psc_check_queue_length_hiwat);
+ psc_lowat_check_queue_length, psc_hiwat_check_queue_length);
+
+ if (psc_lowat_check_queue_length == 0)
+ msg_panic("compiler error: 0.7 * %d = %d", var_psc_pre_queue_limit,
+ psc_lowat_check_queue_length);
+ if (psc_hiwat_check_queue_length == 0)
+ msg_panic("compiler error: 0.9 * %d = %d", var_psc_pre_queue_limit,
+ psc_hiwat_check_queue_length);
/*
* Per-client concurrency.
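Review bot: The two new `== 0` panic checks after the verbose logging cannot distinguish a miscompiled multiplication from a legitimately small limit. With `var_psc_pre_queue_limit` at 0 or 1, both `.7 * limit` and `.9 * limit` truncate to 0 on a correct compiler, and `msg_panic` would then presumably stop the daemon at startup with a misleading "compiler error" message. Whether the parameter has a lower bound that rules those values out is not visible in this hunk. If it does not, guard the checks, e.g. `if (var_psc_pre_queue_limit > 1 && psc_lowat_check_queue_length == 0)` and the same for the hiwat check. post_jail_init starts and ends outside the hunk.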
diff --git a/postfix/src/postscreen/postscreen.h b/postfix/src/postscreen/postscreen.h
index f141a0d36..afea976ff 100644
--- a/postfix/src/postscreen/postscreen.h
+++ b/postfix/src/postscreen/postscreen.h
@@ -292,8 +292,8 @@ extern int psc_normal_greet_wait; /* stressed greet wait */
extern int psc_stress_cmd_time_limit; /* stressed command limit */
extern int psc_normal_cmd_time_limit; /* normal command time limit */
extern int psc_stress; /* stress level */
-extern int psc_check_queue_length_lowat;/* stress low-water mark */
-extern int psc_check_queue_length_hiwat;/* stress high-water mark */
+extern int psc_lowat_check_queue_length;/* stress low-water mark */
+extern int psc_hiwat_check_queue_length;/* stress high-water mark */
extern DICT *psc_dnsbl_reply; /* DNSBL name mapper */
extern HTABLE *psc_client_concurrency; /* per-client concurrency */
@@ -469,7 +469,7 @@ extern const char *psc_expand_lookup(const char *, int, char *);
extern void psc_acl_pre_jail_init(void);
extern ARGV *psc_acl_parse(const char *, const char *);
-extern int psc_acl_eval(PSC_STATE *,ARGV *, const char *);
+extern int psc_acl_eval(PSC_STATE *, ARGV *, const char *);
/* LICENSE
/* .ad
diff --git a/postfix/src/postscreen/postscreen_state.c b/postfix/src/postscreen/postscreen_state.c
index bb205d5e1..fe189ffa2 100644
--- a/postfix/src/postscreen/postscreen_state.c
+++ b/postfix/src/postscreen/postscreen_state.c
@@ -171,7 +171,7 @@ PSC_STATE *psc_new_session_state(VSTREAM *stream,
* Update the stress level.
*/
if (psc_stress == 0
- && psc_check_queue_length >= psc_check_queue_length_hiwat) {
+ && psc_check_queue_length >= psc_hiwat_check_queue_length) {
psc_stress = 1;
msg_info("entering STRESS mode with %d connections",
psc_check_queue_length);
@@ -238,7 +238,7 @@ void psc_free_session_state(PSC_STATE *state)
* Update the stress level.
*/
if (psc_stress != 0
- && psc_check_queue_length <= psc_check_queue_length_lowat) {
+ && psc_check_queue_length <= psc_lowat_check_queue_length) {
psc_stress = 0;
msg_info("leaving STRESS mode with %d connections",
psc_check_queue_length);
diff --git a/postfix/src/tlsproxy/tlsproxy.c b/postfix/src/tlsproxy/tlsproxy.c
index 06dea0e95..d52205262 100644
--- a/postfix/src/tlsproxy/tlsproxy.c
+++ b/postfix/src/tlsproxy/tlsproxy.c
@@ -1147,7 +1147,7 @@ int main(int argc, char **argv)
* (including logging) and then invoke the tlsp_service() routine to log
* the message that says why this program will not run.
*/
- multi_server_main(argc, argv, tlsp_service,
+ event_server_main(argc, argv, tlsp_service,
0);
}
diff --git a/postfix/src/util/sys_defs.h b/postfix/src/util/sys_defs.h
index 26fbace79..f3d0eaa5b 100644
--- a/postfix/src/util/sys_defs.h
+++ b/postfix/src/util/sys_defs.h
@@ -441,7 +441,6 @@ extern int opterr;
#define USE_SYSV_POLL
#ifndef NO_DEVPOLL
# define EVENTS_STYLE EVENTS_STYLE_DEVPOLL
-# define USE_WATCHDOG_PIPE
#endif
/*
@@ -1280,6 +1279,17 @@ extern int dup2_pass_on_exec(int oldd, int newd);
extern const char *inet_ntop(int, const void *, char *, size_t);
extern int inet_pton(int, const char *, void *);
+#endif
+
+ /*
+ * Workaround: after a watchdog alarm signal, wake up from select/poll/etc.
+ * by writing to a pipe. Solaris needs this, and HP-UX apparently, too. The
+ * run-time cost is negligible so we just turn it on for all systems. As a
+ * side benefit, making this code system-independent will simplify the
+ * detection of bit-rot problems.
+ */
+#ifndef NO_WATCHDOG_PIPE
+#define USE_WATCHDOG_PIPE
#endif
/*
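Review bot: The new `#ifndef NO_WATCHDOG_PIPE` guard adds a build-time opt-out that the comment above it never mentions. Since the workaround is now on for every platform, the comment should say how to turn it off and what that risks, for example `* Build with -DNO_WATCHDOG_PIPE to disable; the event loop may then miss the watchdog alarm on affected systems.` The HISTORY entry in this patch gives the symptom (processes killed when the watchdog timeout is less than max_idle), which is worth repeating here so the opt-out is not used casually.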
diff --git a/postfix/src/util/watchdog.c b/postfix/src/util/watchdog.c
index 7481c8887..71b483fbe 100644
--- a/postfix/src/util/watchdog.c
+++ b/postfix/src/util/watchdog.c
@@ -126,6 +126,7 @@ static WATCHDOG *watchdog_curr;
* watchdog timeout is less than the max_idle time.
*/
#ifdef USE_WATCHDOG_PIPE
+#include
#include
#include