mirror of https://github.com/vdukhovni/postfix synced 2025-08-22 09:57:34 +00:00

postfix-3.5-20190724

This commit is contained in:
Wietse Venema 2019-07-24 00:00:00 -05:00 committed by Viktor Dukhovni
parent bbaf49625d
commit bb8da60fce
21 changed files with 117 additions and 90 deletions

View File

@ -24307,13 +24307,12 @@ Apologies for any names omitted.
to indicate final delivery. Files: smtp/smtp.c, smtp/smtp.h,
smtp/smtp_misc.c, smtp/smtp_proto.c, smtp/smtp_rcpt.c.
Cleanup: don't wait for the TLS peer to respond after sending
a TLS 'close' notification. This should be safe with TLSv1.0
and later. Specify "tls_fast_shutdown_enable = no" to enable
historical behavior where Postfix waits, and then sends a
second TLS 'close' notification before closing the TCP
connection. Files: global/mail_params.h, tls/tls_session.c,
and documentation.
Workaround for implementations that hang Postfix while
shutting down a TLS session, until Postfix times out. With
"tls_fast_shutdown_enable = yes" (the default), Postfix no
longer waits for the TLS peer to respond to a TLS 'close'
request. This is recommended with TLSv1.0 and later. Files:
global/mail_params.h, tls/tls_session.c, and documentation.
20190618
@ -24329,8 +24328,29 @@ Apologies for any names omitted.
protocol error. This limits the impact of, for example,
pipelining synchronization errors. File: smtp/smtp_trouble.c.
Bugfix: the code to reset command counts was not called
after a HaProxy handshake failure, causing stale numbers
to be reported. The command counts are now reset in the
function that reports the counts. File: smtpd/smtpd.c.
command-read loop to the function that reports the counts.
Bugfix (introduced: Postfix 3.0): the code to reset Postfix
SMTP server command counts was not called after a HaProxy
handshake failure, causing stale numbers to be reported.
The command counts are now reset in the function that reports
the counts. Problem report by Joseph Ward. File: smtpd/smtpd.c.
20190719
Bitrot: OpenBSD stopped having /dev/arandom 8 years ago.
Brad Smith. File: util/sys_defs.h.
20190723
Bugfix: the documentation said tls_fast_shutdown_enable,
but the code said tls_fast_shutdown. Viktor Dukhovni. Changed
the code because no-one is expected to override the default.
File: global/mail_params.h.
20190724
Cleanup: proxymap(8) support for table search order syntax.
File: proxymap/proxymap.c.
Safety: vstring_set_payload_size() now checks that the
payload has not overwritten the safety terminator at the
end of the VSTRING buffer. File: util/vstream.c.
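Review bot: the 20190724 "Safety" entry names the wrong file. The check it describes lands in vstring_set_payload_size(), a VSTRING function, and the hunk in this commit that adds it modifies that same function, so the entry should read "File: util/vstring.c", not util/vstream.c.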

View File

@ -25,22 +25,15 @@ more recent Eclipse Public License 2.0. Recipients can choose to take
the software under the license of their choice. Those who are more
comfortable with the IPL can continue with that license.
Incompatibility with snapshot 20190615
====================================
The Postfix TLS library by default no longer waits after sending a
TLS 'close' notification. This should be safe with TLSv1.0 and
later. Specify "tls_fast_shutdown_enable = no" to enable historical
Postfix behavior.
Major changes with snapshot 20190615
====================================
After sending a TLS 'close' notification, the Postfix library by
default no longer waits for the TLS peer to respond. According to
RFC 2246 (TLSv1.0) section 7.2.1, "It is not required for the
initiator of the close to wait for the responding close_notify alert
before closing the read side of the connection."
This release introduces a workaround for implementations that hang
Postfix while shutting down a TLS session, until Postfix times out.
With "tls_fast_shutdown_enable = yes" (the default), Postfix no
longer waits for a remote TLS peer to respond to a TLS 'close'
request. This behavior is recommended with TLSv1.0 and later. Specify
"tls_fast_shutdown_enable = no" to get historical Postfix behavior.
Dovecot usability: the SMTP+LMTP delivery agent can now prepend
Delivered-To, X-Original-To and Return-Path headers, just like the
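Review bot: the rewritten "Major changes" paragraph drops the RFC 2246 section 7.2.1 quotation that was the only stated justification for "safe with TLSv1.0 and later", so an operator deciding whether to set "tls_fast_shutdown_enable = no" now gets an unexplained recommendation; keep one sentence, e.g. "According to RFC 2246 (TLSv1.0) section 7.2.1, the initiator of the close need not wait for the responding close_notify alert". Removing the "Incompatibility with snapshot 20190615" section is reasonable, but since the 20190723 HISTORY entry in this commit says the 20190615 code accepted the parameter as tls_fast_shutdown, a one-line note that the name is now tls_fast_shutdown_enable would spare anyone who set the old spelling a silent revert to the default.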

View File

@ -640,11 +640,11 @@ SMTP(8) SMTP(8)
Optional name to send to the remote SMTP server in the TLS
Server Name Indication (SNI) extension.
Available in Postfix version 3.5 and later:
Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
<b><a href="postconf.5.html#tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> (yes)</b>
After sending a TLS 'close' notification, do not wait for the
TLS peer to respond.
A workaround for implementations that hang Postfix while shuting
down a TLS session, until Postfix times out.
<b>OBSOLETE STARTTLS CONTROLS</b>
The following configuration parameters exist for compatibility with

View File

@ -18548,14 +18548,11 @@ encouraged to not change this setting. </p>
<DT><b><a name="tls_fast_shutdown_enable">tls_fast_shutdown_enable</a>
(default: yes)</b></DT><DD>
<p> After sending a TLS 'close' notification, do not wait for the
TLS peer to respond.
According to <a href="http://tools.ietf.org/html/rfc2246">RFC 2246</a> (TLSv1.0) section 7.2.1, "It is not required
for the initiator of the close to wait for the responding close_notify
alert before closing the read side of the connection." </p>
<p> Specify "<a href="postconf.5.html#tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> = no" to enable historical
Postfix behavior. </p>
<p> A workaround for implementations that hang Postfix while shuting
down a TLS session, until Postfix times out. With this enabled,
Postfix will not wait for the remote TLS peer to respond to a TLS
'close' notification. This behavior is recommended for TLSv1.0 and
later. </p>
</DD>

View File

@ -640,11 +640,11 @@ SMTP(8) SMTP(8)
Optional name to send to the remote SMTP server in the TLS
Server Name Indication (SNI) extension.
Available in Postfix version 3.5 and later:
Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
<b><a href="postconf.5.html#tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> (yes)</b>
After sending a TLS 'close' notification, do not wait for the
TLS peer to respond.
A workaround for implementations that hang Postfix while shuting
down a TLS session, until Postfix times out.
<b>OBSOLETE STARTTLS CONTROLS</b>
The following configuration parameters exist for compatibility with

View File

@ -589,11 +589,11 @@ SMTPD(8) SMTPD(8)
clients via the TLS Server Name Indication (SNI) extension to
the appropriate keys and certificate chains.
Available in Postfix version 3.5 and later:
Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
<b><a href="postconf.5.html#tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> (yes)</b>
After sending a TLS 'close' notification, do not wait for the
TLS peer to respond.
A workaround for implementations that hang Postfix while shuting
down a TLS session, until Postfix times out.
<b>OBSOLETE STARTTLS CONTROLS</b>
The following configuration parameters exist for compatibility with

View File

@ -144,11 +144,11 @@ TLSPROXY(8) TLSPROXY(8)
clients via the TLS Server Name Indication (SNI) extension to
the appropriate keys and certificate chains.
Available in Postfix version 3.5 and later:
Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
<b><a href="postconf.5.html#tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> (yes)</b>
After sending a TLS 'close' notification, do not wait for the
TLS peer to respond.
A workaround for implementations that hang Postfix while shuting
down a TLS session, until Postfix times out.
<b>STARTTLS SERVER CONTROLS</b>
These settings are clones of Postfix SMTP server settings. They allow

View File

@ -12944,14 +12944,11 @@ encouraged to not change this setting.
.PP
This feature is available in Postfix 2.3 and later.
.SH tls_fast_shutdown_enable (default: yes)
After sending a TLS 'close' notification, do not wait for the
TLS peer to respond.
According to RFC 2246 (TLSv1.0) section 7.2.1, "It is not required
for the initiator of the close to wait for the responding close_notify
alert before closing the read side of the connection."
.PP
Specify "tls_fast_shutdown_enable = no" to enable historical
Postfix behavior.
A workaround for implementations that hang Postfix while shuting
down a TLS session, until Postfix times out. With this enabled,
Postfix will not wait for the remote TLS peer to respond to a TLS
'close' notification. This behavior is recommended for TLSv1.0 and
later.
.SH tls_high_cipherlist (default: see "postconf \-d" output)
The OpenSSL cipherlist for "high" grade ciphers. This defines
the meaning of the "high" setting in smtpd_tls_ciphers,

View File

@ -582,10 +582,10 @@ directly followed by a corresponding certificate chain.
Optional name to send to the remote SMTP server in the TLS Server
Name Indication (SNI) extension.
.PP
Available in Postfix version 3.5 and later:
Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
.IP "\fBtls_fast_shutdown_enable (yes)\fR"
After sending a TLS 'close' notification, do not wait for the
TLS peer to respond.
A workaround for implementations that hang Postfix while shuting
down a TLS session, until Postfix times out.
.SH "OBSOLETE STARTTLS CONTROLS"
.na
.nf

View File

@ -528,10 +528,10 @@ Optional lookup tables that map names received from remote SMTP
clients via the TLS Server Name Indication (SNI) extension to the
appropriate keys and certificate chains.
.PP
Available in Postfix version 3.5 and later:
Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
.IP "\fBtls_fast_shutdown_enable (yes)\fR"
After sending a TLS 'close' notification, do not wait for the
TLS peer to respond.
A workaround for implementations that hang Postfix while shuting
down a TLS session, until Postfix times out.
.SH "OBSOLETE STARTTLS CONTROLS"
.na
.nf

View File

@ -146,10 +146,10 @@ Optional lookup tables that map names received from remote SMTP
clients via the TLS Server Name Indication (SNI) extension to the
appropriate keys and certificate chains.
.PP
Available in Postfix version 3.5 and later:
Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
.IP "\fBtls_fast_shutdown_enable (yes)\fR"
After sending a TLS 'close' notification, do not wait for the
TLS peer to respond.
A workaround for implementations that hang Postfix while shuting
down a TLS session, until Postfix times out.
.SH "STARTTLS SERVER CONTROLS"
.na
.nf

View File

@ -16256,6 +16256,14 @@ support is via the tls_ssl_options parameter. </p>
<p> This feature is available in Postfix 3.0 and later. </p>
%PARAM tls_fast_shutdown_enable yes
<p> A workaround for implementations that hang Postfix while shuting
down a TLS session, until Postfix times out. With this enabled,
Postfix will not wait for the remote TLS peer to respond to a TLS
'close' notification. This behavior is recommended for TLSv1.0 and
later. </p>
%PARAM default_delivery_status_filter
<p> Optional filter to replace the delivery status code or explanatory
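Review bot: "shuting" in the first line of the new %PARAM text should be "shutting"; the identical sentence is pasted into the prototype comments of smtp.c, smtpd.c and tlsproxy.c in this commit and from there into every generated manual page and HTML file touched here, so fix the four sources and regenerate rather than editing the outputs. Also, this paragraph becomes the only description of the parameter once the second %PARAM block with the RFC 2246 citation is deleted further down in this file, so postconf(5) loses its standards reference; merge that sentence back in here.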
@ -17622,14 +17630,3 @@ default suffix, YYYYMMDD-HHMMSS, allows logs to be rotated frequently.
</p>
<p> This feature is available in Postfix 3.4 and later. </p>
%PARAM tls_fast_shutdown_enable yes
<p> After sending a TLS 'close' notification, do not wait for the
TLS peer to respond.
According to RFC 2246 (TLSv1.0) section 7.2.1, "It is not required
for the initiator of the close to wait for the responding close_notify
alert before closing the read side of the connection." </p>
<p> Specify "tls_fast_shutdown_enable = no" to enable historical
Postfix behavior. </p>

View File

@ -3331,9 +3331,9 @@ extern char *var_tls_server_sni_maps;
extern char *var_tls_dane_digests;
/*
* Backwards compatibility for Postfix 3.5 and later.
* The default is incompatible with pre-TLSv1.0 protocols.
*/
#define VAR_TLS_FAST_SHUTDOWN "tls_fast_shutdown"
#define VAR_TLS_FAST_SHUTDOWN "tls_fast_shutdown_enable"
#define DEF_TLS_FAST_SHUTDOWN 1
extern bool var_tls_fast_shutdown;
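Review bot: the comment above the #define still says "Backwards compatibility for Postfix 3.5 and later", while the manual pages changed in this same commit list the parameter as available in 3.4.6, 3.3.5, 3.2.10 and 3.1.13; update the comment to match. Renaming VAR_TLS_FAST_SHUTDOWN from "tls_fast_shutdown" to "tls_fast_shutdown_enable" also means a main.cf that used the old spelling is now reported as an unused parameter and falls back to the default; the HISTORY entry accepts this, but it deserves a mention in RELEASE_NOTES.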

View File

@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20190621"
#define MAIL_RELEASE_DATE "20190724"
#define MAIL_VERSION_NUMBER "3.5"
#ifdef SNAPSHOT

View File

@ -313,6 +313,8 @@ static DICT *proxy_map_find(const char *map_type_name, int request_flags,
* deny the request.
*/
#define PROXY_MAP_FIND_ERROR_RETURN(x) { *statp = (x); return (0); }
#define PROXY_MAP_PARAM_NAME(proxy_writer) \
((proxy_writer) == 0 ? VAR_PROXY_READ_MAPS : VAR_PROXY_WRITE_MAPS)
while (strncmp(map_type_name, PROXY_COLON, PROXY_COLON_LEN) == 0)
map_type_name += PROXY_COLON_LEN;
@ -324,8 +326,7 @@ static DICT *proxy_map_find(const char *map_type_name, int request_flags,
msg_warn("to approve this table for %s access, list %s:%s in %s:%s",
proxy_writer == 0 ? "read-only" : "read-write",
DICT_TYPE_PROXY, map_type_name, MAIN_CONF_FILE,
proxy_writer == 0 ? VAR_PROXY_READ_MAPS :
VAR_PROXY_WRITE_MAPS);
PROXY_MAP_PARAM_NAME(proxy_writer));
PROXY_MAP_FIND_ERROR_RETURN(PROXY_STAT_DENY);
}
@ -695,14 +696,33 @@ static void post_jail_init(char *service_name, char **unused_argv)
var_proxy_read_maps);
proxy_auth_maps = htable_create(13);
while ((type_name = mystrtokq(&bp, sep, parens)) != 0) {
/* Maybe { maptype:mapname attr=value... } */
if (*type_name == parens[0]) {
char *err;
/* Warn about blatant syntax error. */
if ((err = extpar(&type_name, parens, EXTPAR_FLAG_NONE)) != 0) {
msg_warn("bad %s parameter value: %s",
PROXY_MAP_PARAM_NAME(proxy_writer), err);
myfree(err);
continue;
}
/* Don't try to second-guess the semantics of { }. */
if ((type_name = mystrtokq(&type_name, sep, parens)) == 0)
continue;
}
if (strncmp(type_name, PROXY_COLON, PROXY_COLON_LEN))
continue;
do {
type_name += PROXY_COLON_LEN;
} while (!strncmp(type_name, PROXY_COLON, PROXY_COLON_LEN));
if (strchr(type_name, ':') != 0
&& htable_locate(proxy_auth_maps, type_name) == 0)
&& htable_locate(proxy_auth_maps, type_name) == 0) {
(void) htable_enter(proxy_auth_maps, type_name, (void *) 0);
if (msg_verbose)
msg_info("whitelisting %s from %s", type_name,
PROXY_MAP_PARAM_NAME(proxy_writer));
}
}
myfree(saved_filter);
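Review bot: in the new brace-handling branch of post_jail_init(), a group whose contents yield no token (an empty "{ }") makes mystrtokq() return 0 and the entry is dropped with "continue" and no diagnostic, unlike the extpar() failure just above, which gets a msg_warn; add a similar warning so a mistyped proxy_read_maps or proxy_write_maps entry is not silently ignored. Note too that "Don't try to second-guess the semantics of { }" means only the first token inside the braces is whitelisted and any trailing attr=value words are discarded here; that is consistent with the search-order syntax, but none of the 21 files in this commit updates the proxymap(8) documentation to say so.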

View File

@ -548,10 +548,10 @@
/* Optional name to send to the remote SMTP server in the TLS Server
/* Name Indication (SNI) extension.
/* .PP
/* Available in Postfix version 3.5 and later:
/* Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
/* .IP "\fBtls_fast_shutdown_enable (yes)\fR"
/* After sending a TLS 'close' notification, do not wait for the
/* TLS peer to respond.
/* A workaround for implementations that hang Postfix while shuting
/* down a TLS session, until Postfix times out.
/* OBSOLETE STARTTLS CONTROLS
/* .ad
/* .fi

View File

@ -494,10 +494,10 @@
/* clients via the TLS Server Name Indication (SNI) extension to the
/* appropriate keys and certificate chains.
/* .PP
/* Available in Postfix version 3.5 and later:
/* Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
/* .IP "\fBtls_fast_shutdown_enable (yes)\fR"
/* After sending a TLS 'close' notification, do not wait for the
/* TLS peer to respond.
/* A workaround for implementations that hang Postfix while shuting
/* down a TLS session, until Postfix times out.
/* OBSOLETE STARTTLS CONTROLS
/* .ad
/* .fi

View File

@ -46,6 +46,8 @@
/* char *var_tls_mgr_service;
/* char *var_tls_tkt_cipher;
/* char *var_openssl_path;
/* char *var_tls_server_sni_maps;
/* bool var_tls_fast_shutdown;
/*
/* TLS_APPL_STATE *tls_alloc_app_context(ssl_ctx, log_mask)
/* SSL_CTX *ssl_ctx;
@ -809,7 +811,6 @@ void tls_get_signature_params(TLS_SESS_STATE *TLScontext)
const char *peer_sig_curve = 0;
const char *peer_sig_dgst = 0;
int nid;
int got_kex_key;
SSL *ssl = TLScontext->con;
int srvr = SSL_is_server(ssl);
X509 *cert;

View File

@ -130,10 +130,10 @@
/* clients via the TLS Server Name Indication (SNI) extension to the
/* appropriate keys and certificate chains.
/* .PP
/* Available in Postfix version 3.5 and later:
/* Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
/* .IP "\fBtls_fast_shutdown_enable (yes)\fR"
/* After sending a TLS 'close' notification, do not wait for the
/* TLS peer to respond.
/* A workaround for implementations that hang Postfix while shuting
/* down a TLS session, until Postfix times out.
/* STARTTLS SERVER CONTROLS
/* .ad
/* .fi

View File

@ -129,7 +129,7 @@
#define HAS_FUTIMES /* XXX maybe earlier */
#endif
#if (defined(OpenBSD) && OpenBSD >= 199608)
#if (defined(OpenBSD) && OpenBSD >= 199608 && OpenBSD < 201105)
#define PREFERRED_RAND_SOURCE "dev:/dev/arandom" /* XXX earlier */
#endif
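Review bot: the new upper bound "OpenBSD < 201105" leaves PREFERRED_RAND_SOURCE undefined on current OpenBSD, and nothing in this hunk shows what the generic fallback elsewhere in sys_defs.h resolves to; verify that it names a device that exists there (/dev/urandom) before relying on it. While here, replace the "/* XXX earlier */" note with a comment naming the release at which /dev/arandom went away, since the HISTORY entry only says "8 years ago".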

View File

@ -441,6 +441,8 @@ VSTRING *vstring_set_payload_size(VSTRING *vp, ssize_t len)
{
if (len < 0 || len > vp->vbuf.len)
msg_panic("vstring_set_payload_size: invalid offset: %ld", (long) len);
if (vp->vbuf.data[vp->vbuf.len] != 0)
msg_panic("vstring_set_payload_size: no safety null byte");
VSTRING_AT_OFFSET(vp, len);
return (vp);
}
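Review bot: the new canary check only fires when the byte at data[len] was overwritten with a non-zero value; an overrun that writes a zero there, or that starts beyond the terminator, passes, so the HISTORY wording "checks that the payload has not overwritten the safety terminator" promises slightly more than the code delivers. Include "len" and "vp->vbuf.len" in the msg_panic text, as the "invalid offset" panic above it already does, so a crash report identifies the buffer involved. Since msg_panic terminates the process, this turns a silent memory corruption into a daemon crash; that is the right fail-closed choice for a server, but it is worth a sentence in HISTORY.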