diff --git a/postfix/HISTORY b/postfix/HISTORY index 0e0d69c70..191e064cf 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -24693,10 +24693,11 @@ Apologies for any names omitted. 20200419 - Bugfix: segfault in the tlsproxy client role when the server - role was disabled. This typically happens with a first-time - Postfix install and after configuring only outbound TLS. - Found during program maintenance. File: tlsproxy/tlsproxy.c. + Bugfix (introduced: Postfix 3.4): segfault in the tlsproxy + client role when the server role was disabled. This typically + happens with a first-time Postfix install and after configuring + only outbound TLS. Found during program maintenance. File: + tlsproxy/tlsproxy.c. 20200420 @@ -24705,10 +24706,10 @@ Apologies for any names omitted. 20200422 - Security: disable TLSA/DANE on Alpine Linux because libc-musl - provides no indication whether responses are authentic. - This broke TLSA/DANE without a clear explanation. File: - makedefs. + Security: disable DANE support on Alpine Linux because + libc-musl provides no indication whether DNS responses are + authentic. This broke DANE support without a clear explanation. + File: makedefs. 20200425 @@ -24719,7 +24720,7 @@ Apologies for any names omitted. However, with a SHARED listen socket as used in Postfix, kernel-based load balancing does not help, and Postfix still requires locking to avoid waking up multiple processes when - a connection arrives. Files: util/inet_listen.c, + a connection arrives. Files: util/inet_listen.c, 20200502 @@ -24750,7 +24751,7 @@ Apologies for any names omitted. 20200509 - Bugfix (introduced: Postfix 3.5): maillog_file_rotate_suffix + Bugfix (introduced: Postfix 3.4): maillog_file_rotate_suffix default value used the minute instead of the month. Reported by Larry Stone. Files: conf/postfix-tls-script, proto/MAILLOG_README.html, proto/postconf.proto. @@ -24763,8 +24764,8 @@ Apologies for any names omitted. 20200511 - Noise suppression: spurious "SSL_Shutdown:shutdown while - in init" warnings. File: tls/tls_session.c. + Noise suppression: avoid "SSL_Shutdown:shutdown while in + init" warnings. File: tls/tls_session.c. Debugging: with a single -v, the cleanup server now also logs output envelope records, so that one -v option shows @@ -24772,13 +24773,41 @@ Apologies for any names omitted. 20200515 - Bugfix (introduced: Postfix 2.2): TLS error status info - from a PostgreSQL client caused a false 'lost connection' - error for an SMTP-over-TLS session in the same Postfix - process. Reported by Alexander Vasarab, diagnosed by Viktor - Dukhovni. File: tls/tls_bio_ops.c. + Bugfix (introduced: Postfix 2.2): a TLS error for a PostgreSQL + client caused a false 'lost connection' error for an SMTP + over TLS session in the same Postfix process. Reported by + Alexander Vasarab, diagnosed by Viktor Dukhovni. File: + tls/tls_bio_ops.c. - Bugfix (introduced: Postfix 2.8): TLS error status info - from one TLS session may cause a false 'lost connection' - error for concurrent TLS sessions in the same tlsproxy - process. File: tlsproxy/tlsproxy.c. + Bugfix (introduced: Postfix 2.8): a TLS error for one TLS + session may cause a false 'lost connection' error for a + concurrent TLS session in the same tlsproxy process. File: + tlsproxy/tlsproxy.c. + +20200518 + + Documentation: updated the wording of recent HISTORY entries, + based on the text in the 20200516 stable releases. + +20200521 + + Cleanup: the value of __RES (defined in resolv.h) determines + whether the res_nxxx() API is available. Credit to Rich + Felker. Files: util/sys_defs.h, dns/dns_lookup.c. + +20200522 + + Cleanup: the postconf command builds with -fno-common. + Files: makedefs, Makefile.in, postconf/extract.awk, + postconf/install_vars.h. + +20200523 + + Cleanup: the 20200503 change did not prevent direct access + to the obsolete h_errno variable in smtpd_checks.c. This + variable may still be updated, but we should not count on + that. Files: dns/dns.h, dns/dns_lookup.c, smtpd/smtpd_check.c. + + Cleanup: unit tests now build with -fno-common. Files: + global/server_acl.c, smtpd/smtpd_check.c, global/strip_addr.c, + proxymap/proxymap.c. diff --git a/postfix/Makefile.in b/postfix/Makefile.in index bffe77d5e..65e7911d3 100644 --- a/postfix/Makefile.in +++ b/postfix/Makefile.in @@ -1,7 +1,7 @@ # To test with valgrind: # make -i tests VALGRIND="valgrind --tool=memcheck --log-file=/some/where.%p" SHELL = /bin/sh -WARN = -Wmissing-prototypes -Wformat -Wno-comment -fcommon +WARN = -Wmissing-prototypes -Wformat -Wno-comment -fno-common OPTS = 'WARN=$(WARN)' DIRS = src/util src/global src/dns src/tls src/xsasl src/master src/milter \ src/postfix src/fsstone src/smtpstone \ diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index 1a9a2ce9d..52dd221cb 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -38,3 +38,11 @@ To build old style, build with: This is also the default for systems that are known not to support the threadsafe resolver API, such systems that use libc-musl. + +Incompatible changes with snapshot 20200416 +=========================================== + +Security: this release disables DANE support on Linux systems with +libc-musl, because libc-musl provides no indication whether DNS +responses are authentic. This broke DANE support without a clear +explanation. diff --git a/postfix/WISHLIST b/postfix/WISHLIST index 2120b54c7..96872fd9f 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST @@ -1,7 +1,10 @@ Wish list: - Find a reasonable way to generate postconf configuration - parameter tables without breaking gcc -fnocommon. + DNSSEC end-to-end test, probing a configurable zone (".") + and resource type (default: NS). + + When a secondary instance has no multi_instance_name set, +` postmulti -i won't be able to find it. Read http://mmogilvi.users.sourceforge.net/software/oauthbearer.html and see how we can improve on the Postfix side. diff --git a/postfix/makedefs b/postfix/makedefs index 148f173a8..06aa2dc1a 100644 --- a/postfix/makedefs +++ b/postfix/makedefs @@ -239,12 +239,6 @@ case "$SYSTEM" in *) echo Warning: libc-musl breaks DANE/TLSA security. 1>&2 echo This build will not support DANE/TLSA. 1>&2 CCARGS="$CCARGS -DNO_DNSSEC";; - esac - case "$CCARGS" in - *-DNO_RES_NCALLS*) ;; - *) echo Warning: libc-musl does not support res_ninit etc. 1>&2 - echo This build will not support modern resolver features. 1>&2 - CCARGS="$CCARGS -DNO_RES_NCALLS";; esac;; esac;; esac @@ -1166,7 +1160,7 @@ esac : ${CC=gcc} ${OPT='-O'} ${DEBUG='-g'} ${AWK=awk} \ ${WARN='-Wall -Wno-comment -Wformat -Wimplicit -Wmissing-prototypes \ -Wparentheses -Wstrict-prototypes -Wswitch -Wuninitialized \ - -Wunused -Wno-missing-braces -fcommon'} + -Wunused -Wno-missing-braces -fno-common'} # Extract map type names from -DHAS_XXX compiler options. We avoid # problems with tr(1) range syntax by using enumerations instead, diff --git a/postfix/src/dns/dns.h b/postfix/src/dns/dns.h index b8c4c4aa5..4182aceba 100644 --- a/postfix/src/dns/dns.h +++ b/postfix/src/dns/dns.h @@ -52,6 +52,17 @@ (cp) += 4; \ } +#endif + + /* + * Provide API compatibility for systems without res_nxxx() API. Also + * require calling dns_get_h_errno() instead of directly accessing the + * global h_errno variable. We should not count on that being updated. + */ +#if !defined(NO_RES_NCALLS) && defined(__RES) && (__RES >= 19991006) +#define USE_RES_NCALLS +#undef h_errno +#define h_errno use_dns_get_h_errno_instead_of_h_errno #endif /* @@ -229,6 +240,7 @@ extern int dns_lookup_rl(const char *, unsigned, DNS_RR **, VSTRING *, VSTRING *, int *, int,...); extern int dns_lookup_rv(const char *, unsigned, DNS_RR **, VSTRING *, VSTRING *, int *, int, unsigned *); +extern int dns_get_h_errno(void); #define dns_lookup(name, type, rflags, list, fqdn, why) \ dns_lookup_x((name), (type), (rflags), (list), (fqdn), (why), (int *) 0, \ diff --git a/postfix/src/dns/dns_lookup.c b/postfix/src/dns/dns_lookup.c index d4d494f61..185f6baf6 100644 --- a/postfix/src/dns/dns_lookup.c +++ b/postfix/src/dns/dns_lookup.c @@ -31,6 +31,8 @@ /* VSTRING *why; /* int lflags; /* unsigned *ltype; +/* +/* int dns_get_h_errno() /* AUXILIARY FUNCTIONS /* extern int var_dns_ncache_ttl_fix; /* @@ -83,6 +85,10 @@ /* an invalid name is reported as a DNS_INVAL result, while /* malformed replies are reported as transient errors. /* +/* dns_get_h_errno() returns the last error. This deprecates +/* usage of the global h_errno variable. We should not rely +/* on that being updated. +/* /* dns_lookup_l() and dns_lookup_v() allow the user to specify /* a list of resource types. /* @@ -1244,3 +1250,10 @@ int dns_lookup_rv(const char *name, unsigned flags, DNS_RR **rrlist, vstring_free(hpref_rtext); return (status); } + +/* dns_get_h_errno - get the last lookup status */ + +int dns_get_h_errno(void) +{ + return (DNS_GET_H_ERRNO(&dns_res_state)); +} diff --git a/postfix/src/global/db_common.c b/postfix/src/global/db_common.c index bfce1dcd2..e22a90ac9 100644 --- a/postfix/src/global/db_common.c +++ b/postfix/src/global/db_common.c @@ -114,6 +114,11 @@ /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA /* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA +/* /* Liviu Daia /* Institute of Mathematics of the Romanian Academy /* P.O. BOX 1-764 diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index e08b3a7a0..cf9a271e6 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20200515" +#define MAIL_RELEASE_DATE "20200523" #define MAIL_VERSION_NUMBER "3.6" #ifdef SNAPSHOT diff --git a/postfix/src/global/server_acl.c b/postfix/src/global/server_acl.c index daa2c3ec2..adbcdf3e9 100644 --- a/postfix/src/global/server_acl.c +++ b/postfix/src/global/server_acl.c @@ -59,6 +59,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ @@ -235,9 +240,7 @@ int server_acl_eval(const char *client_addr, SERVER_ACL * intern_acl, #include #include #include - -char *var_par_dom_match = DEF_PAR_DOM_MATCH; -char *var_mynetworks = ""; + char *var_server_acl = ""; #define UPDATE_VAR(s,v) do { if (*(s)) myfree(s); (s) = mystrdup(v); } while (0) @@ -259,6 +262,12 @@ int main(void) 0, }; + /* + * No static initializer because these are owned by a library. + */ + var_par_dom_match = DEF_PAR_DOM_MATCH; + var_mynetworks = ""; + #define VAR_SERVER_ACL "server_acl" while (vstring_get_nonl(buf, VSTREAM_IN) != VSTREAM_EOF) { diff --git a/postfix/src/global/strip_addr.c b/postfix/src/global/strip_addr.c index 8b6a02a8a..c4c39b013 100644 --- a/postfix/src/global/strip_addr.c +++ b/postfix/src/global/strip_addr.c @@ -115,8 +115,6 @@ char *strip_addr_internal(const char *full, char **extension, #include #include -char *var_double_bounce_sender = DEF_DOUBLE_BOUNCE; - int main(int unused_argc, char **unused_argv) { char *extension; @@ -125,6 +123,11 @@ int main(int unused_argc, char **unused_argv) #define NO_DELIM "" + /* + * No static initializer, because this is owned by a library. + */ + var_double_bounce_sender = DEF_DOUBLE_BOUNCE; + /* * Incredible. This function takes only three arguments, and the tests * already take more lines of code than the code being tested. diff --git a/postfix/src/postconf/extract.awk b/postfix/src/postconf/extract.awk index 13b1f9166..809020d4b 100644 --- a/postfix/src/postconf/extract.awk +++ b/postfix/src/postconf/extract.awk @@ -18,9 +18,12 @@ # have a more modern implementation that is XPG4-compatible, but it # is too much bother to find out where each system keeps these. +{ owned_by_library = (FILENAME ~ /\/(global|tls)\//) } + /^(static| )*(const +)?CONFIG_INT_TABLE .*\{/,/\};/ { if ($1 ~ /VAR/) { - int_vars["int " substr($3,2,length($3)-2) ";"] = 1 + if (!owned_by_library) + int_vars["int " substr($3,2,length($3)-2) ";"] = 1 if (++itab[$1 $2 $4 $5 $6 $7 $8 $9] == 1) { int_table[$0] = 1 } @@ -28,7 +31,8 @@ } /^(static| )*(const +)?CONFIG_STR_TABLE .*\{/,/\};/ { if ($1 ~ /^VAR/) { - str_vars["char *" substr($3,2,length($3)-2) ";"] = 1 + if (!owned_by_library) + str_vars["char *" substr($3,2,length($3)-2) ";"] = 1 if (++stab[$1 $2 $4 $5 $6 $7 $8 $9] == 1) { str_table[$0] = 1 } @@ -36,7 +40,8 @@ } /^(static| )*(const +)?CONFIG_STR_FN_TABLE .*\{/,/\};/ { if ($1 ~ /^VAR/) { - str_fn_vars["char *" substr($3,2,length($3)-2) ";"] = 1 + if (!owned_by_library) + str_fn_vars["char *" substr($3,2,length($3)-2) ";"] = 1 $2 = "pcf_" $2 if (++stab[$1 $2 $4 $5 $6 $7 $8 $9] == 1) { str_fn_table[$0] = 1 @@ -45,7 +50,8 @@ } /^(static| )*(const +)?CONFIG_RAW_TABLE .*\{/,/\};/ { if ($1 ~ /^VAR/) { - raw_vars["char *" substr($3,2,length($3)-2) ";"] = 1 + if (!owned_by_library) + raw_vars["char *" substr($3,2,length($3)-2) ";"] = 1 if (++rtab[$1 $2 $4 $5 $6 $7 $8 $9] == 1) { raw_table[$0] = 1 } @@ -53,7 +59,8 @@ } /^(static| )*(const +)?CONFIG_BOOL_TABLE .*\{/,/\};/ { if ($1 ~ /^VAR/) { - bool_vars["int " substr($3,2,length($3)-2) ";"] = 1 + if (!owned_by_library) + bool_vars["int " substr($3,2,length($3)-2) ";"] = 1 if (++btab[$1 $2 $4 $5 $6 $7 $8 $9] == 1) { bool_table[$0] = 1 } @@ -61,7 +68,8 @@ } /^(static| )*(const +)?CONFIG_TIME_TABLE .*\{/,/\};/ { if ($1 ~ /^VAR/) { - time_vars["int " substr($3,2,length($3)-2) ";"] = 1 + if (!owned_by_library) + time_vars["int " substr($3,2,length($3)-2) ";"] = 1 if (++ttab[$1 $2 $4 $5 $6 $7 $8 $9] == 1) { time_table[$0] = 1 } @@ -69,7 +77,8 @@ } /^(static| )*(const +)?CONFIG_NINT_TABLE .*\{/,/\};/ { if ($1 ~ /VAR/) { - nint_vars["int " substr($3,2,length($3)-2) ";"] = 1 + if (!owned_by_library) + nint_vars["int " substr($3,2,length($3)-2) ";"] = 1 if (++itab[$1 $2 $4 $5 $6 $7 $8 $9] == 1) { nint_table[$0] = 1 } @@ -77,7 +86,8 @@ } /^(static| )*(const +)?CONFIG_NBOOL_TABLE .*\{/,/\};/ { if ($1 ~ /^VAR/) { - nbool_vars["int " substr($3,2,length($3)-2) ";"] = 1 + if (!owned_by_library) + nbool_vars["int " substr($3,2,length($3)-2) ";"] = 1 if (++btab[$1 $2 $4 $5 $6 $7 $8 $9] == 1) { nbool_table[$0] = 1 } @@ -85,7 +95,8 @@ } /^(static| )*(const +)?CONFIG_LONG_TABLE .*\{/,/\};/ { if ($1 ~ /VAR/) { - long_vars["long " substr($3,2,length($3)-2) ";"] = 1 + if (!owned_by_library) + long_vars["long " substr($3,2,length($3)-2) ";"] = 1 if (++itab[$1 $2 $4 $5 $6 $7 $8 $9] == 1) { long_table[$0] = 1 } diff --git a/postfix/src/postconf/install_vars.h b/postfix/src/postconf/install_vars.h index c46882b34..746c81e1e 100644 --- a/postfix/src/postconf/install_vars.h +++ b/postfix/src/postconf/install_vars.h @@ -1,2 +1 @@ -char *var_config_dir; char *var_debug_command; diff --git a/postfix/src/proxymap/proxymap.c b/postfix/src/proxymap/proxymap.c index 167b8432c..e486c4685 100644 --- a/postfix/src/proxymap/proxymap.c +++ b/postfix/src/proxymap/proxymap.c @@ -759,7 +759,6 @@ int main(int argc, char **argv) VAR_VIRT_MAILBOX_MAPS, DEF_VIRT_MAILBOX_MAPS, &var_virt_mailbox_maps, 0, 0, VAR_VIRT_MAILBOX_DOMS, DEF_VIRT_MAILBOX_DOMS, &var_virt_mailbox_doms, 0, 0, VAR_RELAY_RCPT_MAPS, DEF_RELAY_RCPT_MAPS, &var_relay_rcpt_maps, 0, 0, - VAR_RELAY_DOMAINS, DEF_RELAY_DOMAINS, &var_relay_domains, 0, 0, VAR_CANONICAL_MAPS, DEF_CANONICAL_MAPS, &var_canonical_maps, 0, 0, VAR_SEND_CANON_MAPS, DEF_SEND_CANON_MAPS, &var_send_canon_maps, 0, 0, VAR_RCPT_CANON_MAPS, DEF_RCPT_CANON_MAPS, &var_rcpt_canon_maps, 0, 0, diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c index 85d594498..485dbb146 100644 --- a/postfix/src/smtpd/smtpd_check.c +++ b/postfix/src/smtpd/smtpd_check.c @@ -1815,7 +1815,8 @@ static int all_auth_mx_addr(SMTPD_STATE *state, char *host, "%s as mail exchanger: %s", reply_name, reply_class, host, dns_status == DNS_POLICY ? - "DNS reply filter policy" : dns_strerror(h_errno)); + "DNS reply filter policy" : + dns_strerror(dns_get_h_errno())); return (NOPE); } for (rr = addr_list; rr != 0; rr = rr->next) { @@ -2059,8 +2060,10 @@ static int permit_mx_backup(SMTPD_STATE *state, const char *recipient, 450, "4.4.4", "<%s>: %s rejected: Unable to look up mail " "exchanger information: %s", - reply_name, reply_class, dns_status == DNS_POLICY ? - "DNS reply filter policy" : dns_strerror(h_errno)); + reply_name, reply_class, + dns_status == DNS_POLICY ? + "DNS reply filter policy" : + dns_strerror(dns_get_h_errno())); return (SMTPD_CHECK_DUNNO); } @@ -3080,8 +3083,10 @@ static int check_server_access(SMTPD_STATE *state, const char *table, } if (dns_status != DNS_OK) { msg_warn("Unable to look up %s host for %s: %s", dns_strtype(type), - domain && domain[1] ? domain : name, dns_status == DNS_POLICY ? - "DNS reply filter policy" : dns_strerror(h_errno)); + domain && domain[1] ? domain : name, + dns_status == DNS_POLICY ? + "DNS reply filter policy" : + dns_strerror(dns_get_h_errno())); return (SMTPD_CHECK_DUNNO); } } @@ -5570,7 +5575,6 @@ char *var_rcpt_checks = ""; char *var_etrn_checks = ""; char *var_data_checks = ""; char *var_eod_checks = ""; -char *var_relay_domains = ""; char *var_smtpd_uproxy_proto = ""; int var_smtpd_uproxy_tmout = 0; @@ -5578,7 +5582,6 @@ int var_smtpd_uproxy_tmout = 0; char *var_relay_ccerts = ""; #endif -char *var_mynetworks = ""; char *var_notify_classes = ""; char *var_smtpd_policy_def_action = ""; char *var_smtpd_policy_context = ""; @@ -5587,11 +5590,6 @@ char *var_smtpd_policy_context = ""; * String-valued configuration parameters. */ char *var_maps_rbl_domains; -char *var_myorigin; -char *var_mydest; -char *var_inet_interfaces; -char *var_proxy_interfaces; -char *var_rcpt_delim; char *var_rest_classes; char *var_alias_maps; char *var_send_canon_maps; @@ -5603,10 +5601,8 @@ char *var_virt_mailbox_maps; char *var_virt_mailbox_doms; char *var_local_rcpt_maps; char *var_perm_mx_networks; -char *var_par_dom_match; char *var_smtpd_null_key; char *var_smtpd_snd_auth_maps; -char *var_double_bounce_sender; char *var_rbl_reply_maps; char *var_smtpd_exp_filter; char *var_def_rbl_reply; @@ -5623,7 +5619,6 @@ char *var_unk_addr_tf_act; char *var_unv_rcpt_tf_act; char *var_unv_from_tf_act; char *var_smtpd_acl_perm_log; -char *var_info_log_addr_form; typedef struct { char *name; @@ -5680,6 +5675,9 @@ static const STRING_TABLE string_table[] = { VAR_SMTPD_ACL_PERM_LOG, DEF_SMTPD_ACL_PERM_LOG, &var_smtpd_acl_perm_log, VAR_SMTPD_DNS_RE_FILTER, DEF_SMTPD_DNS_RE_FILTER, &var_smtpd_dns_re_filter, VAR_INFO_LOG_ADDR_FORM, DEF_INFO_LOG_ADDR_FORM, &var_info_log_addr_form, + /* XXX No static initialization with "", because owned by a library. */ + VAR_MYNETWORKS, "", &var_mynetworks, + VAR_RELAY_DOMAINS, "", &var_relay_domains, 0, }; diff --git a/postfix/src/util/mac_parse.h b/postfix/src/util/mac_parse.h index 2d7b4ad48..5ed0dc17b 100644 --- a/postfix/src/util/mac_parse.h +++ b/postfix/src/util/mac_parse.h @@ -41,6 +41,11 @@ extern int WARN_UNUSED_RESULT mac_parse(const char *, MAC_PARSE_FN, void *); /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ #endif diff --git a/postfix/src/util/sys_defs.h b/postfix/src/util/sys_defs.h index c491b2203..2e1c95373 100644 --- a/postfix/src/util/sys_defs.h +++ b/postfix/src/util/sys_defs.h @@ -1699,14 +1699,6 @@ typedef int pid_t; */ #define ENFORCING_SIZE_LIMIT(param) ((param) > 0) - /* - * The threadsafe resolver(5) API came out before 2002, and should be on by - * default. - */ -#ifndef NO_RES_NCALLS -#define USE_RES_NCALLS -#endif - /* * Don't mix socket message send/receive calls with socket stream read/write * calls. The fact that you can get away with it only on some stacks implies