diff --git a/postfix/HISTORY b/postfix/HISTORY index 9b5dd7074..80bbe08c5 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -24307,13 +24307,12 @@ Apologies for any names omitted. to indicate final delivery. Files: smtp/smtp.c, smtp/smtp.h, smtp/smtp_misc.c, smtp/smtp_proto.c, smtp/smtp_rcpt.c. - Cleanup: don't wait for the TLS peer to respond after sending - a TLS 'close' notification. This should be safe with TLSv1.0 - and later. Specify "tls_fast_shutdown_enable = no" to enable - historical behavior where Postfix waits, and then sends a - second TLS 'close' notification before closing the TCP - connection. Files: global/mail_params.h, tls/tls_session.c, - and documentation. + Workaround for implementations that hang Postfix while + shutting down a TLS session, until Postfix times out. With + "tls_fast_shutdown_enable = yes" (the default), Postfix no + longer waits for the TLS peer to respond to a TLS 'close' + request. This is recommended with TLSv1.0 and later. Files: + global/mail_params.h, tls/tls_session.c, and documentation. 20190618 
@@ -24329,8 +24328,29 @@ Apologies for any names omitted. protocol error. This limits the impact of, for example, pipelining synchronization errors. File: smtp/smtp_trouble.c. - Bugfix: the code to reset command counts was not called - after a HaProxy handshake failure, causing stale numbers - to be reported. The command counts are now reset in the - function that reports the counts. File: smtpd/smtpd.c. - command-read loop to the function that reports the counts. + Bugfix (introduced: Postfix 3.0): the code to reset Postfix + SMTP server command counts was not called after a HaProxy + handshake failure, causing stale numbers to be reported. + The command counts are now reset in the function that reports + the counts. Problem report by Joseph Ward. File: smtpd/smtpd.c. + +20190719 + + Bitrot: OpenBSD stopped having /dev/arandom 8 years ago. + Brad Smith. File: util/sys_defs.h. + +20190723 + + Bugfix: the documentation said tls_fast_shutdown_enable, + but the code said tls_fast_shutdown. Viktor Dukhovni. Changed + the code because no-one is expected to override the default. + File: global/mail_params.h. + +20190724 + + Cleanup: proxymap(8) support for table search order syntax. + File: proxymap/proxymap.c. + + Safety: vstring_set_payload_size() now checks that the + payload has not overwritten the safety terminator at the + end of the VSTRING buffer. File: util/vstream.c. diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index f27f3ae0a..c09ead35a 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES 
@@ -25,22 +25,15 @@ more recent Eclipse Public License 2.0. Recipients can choose to take the software under the license of their choice. Those who are more comfortable with the IPL can continue with that license. -Incompatibility with snapshot 20190615 -==================================== - -The Postfix TLS library by default no longer waits after sending a -TLS 'close' notification. This should be safe with TLSv1.0 and -later. Specify "tls_fast_shutdown_enable = no" to enable historical -Postfix behavior. - Major changes with snapshot 20190615 ==================================== -After sending a TLS 'close' notification, the Postfix library by -default no longer waits for the TLS peer to respond. According to -RFC 2246 (TLSv1.0) section 7.2.1, "It is not required for the -initiator of the close to wait for the responding close_notify alert -before closing the read side of the connection." +This release introduces a workaround for implementations that hang +Postfix while shutting down a TLS session, until Postfix times out. +With "tls_fast_shutdown_enable = yes" (the default), Postfix no +longer waits for a remote TLS peer to respond to a TLS 'close' +request. This behavior is recommended with TLSv1.0 and later. Specify +"tls_fast_shutdown_enable = no" to get historical Postfix behavior. Dovecot usability: the SMTP+LMTP delivery agent can now prepend Delivered-To, X-Original-To and Return-Path headers, just like the diff --git a/postfix/html/lmtp.8.html b/postfix/html/lmtp.8.html index c881e403d..fcb5d6c4e 100644 --- a/postfix/html/lmtp.8.html +++ b/postfix/html/lmtp.8.html 
@@ -640,11 +640,11 @@ SMTP(8) SMTP(8) Optional name to send to the remote SMTP server in the TLS Server Name Indication (SNI) extension. - Available in Postfix version 3.5 and later: + Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later: tls_fast_shutdown_enable (yes) - After sending a TLS 'close' notification, do not wait for the - TLS peer to respond. + A workaround for implementations that hang Postfix while shuting + down a TLS session, until Postfix times out. OBSOLETE STARTTLS CONTROLS The following configuration parameters exist for compatibility with diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 014c8f7ab..9b999b076 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -18548,14 +18548,11 @@ encouraged to not change this setting.
After sending a TLS 'close' notification, do not wait for the -TLS peer to respond. -According to RFC 2246 (TLSv1.0) section 7.2.1, "It is not required -for the initiator of the close to wait for the responding close_notify -alert before closing the read side of the connection."
- -Specify "tls_fast_shutdown_enable = no" to enable historical -Postfix behavior.
+A workaround for implementations that hang Postfix while shuting +down a TLS session, until Postfix times out. With this enabled, +Postfix will not wait for the remote TLS peer to respond to a TLS +'close' notification. This behavior is recommended for TLSv1.0 and +later.
This feature is available in Postfix 3.0 and later.
+%PARAM tls_fast_shutdown_enable yes + +A workaround for implementations that hang Postfix while shuting +down a TLS session, until Postfix times out. With this enabled, +Postfix will not wait for the remote TLS peer to respond to a TLS +'close' notification. This behavior is recommended for TLSv1.0 and +later.
+ %PARAM default_delivery_status_filterOptional filter to replace the delivery status code or explanatory @@ -17622,14 +17630,3 @@ default suffix, YYYYMMDD-HHMMSS, allows logs to be rotated frequently.
This feature is available in Postfix 3.4 and later.
- -%PARAM tls_fast_shutdown_enable yes - -After sending a TLS 'close' notification, do not wait for the -TLS peer to respond. -According to RFC 2246 (TLSv1.0) section 7.2.1, "It is not required -for the initiator of the close to wait for the responding close_notify -alert before closing the read side of the connection."
- -Specify "tls_fast_shutdown_enable = no" to enable historical -Postfix behavior.
diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h
index 258c5dcad..512497dab 100644
--- a/postfix/src/global/mail_params.h
+++ b/postfix/src/global/mail_params.h
@@ -3331,9 +3331,9 @@ extern char *var_tls_server_sni_maps;
 extern char *var_tls_dane_digests;
 
 /*
- * Backwards compatibility for Postfix 3.5 and later.
+ * The default is incompatible with pre-TLSv1.0 protocols.
 */
-#define VAR_TLS_FAST_SHUTDOWN "tls_fast_shutdown"
+#define VAR_TLS_FAST_SHUTDOWN "tls_fast_shutdown_enable"
 #define DEF_TLS_FAST_SHUTDOWN 1
 extern bool var_tls_fast_shutdown;
 
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 9b410a92b..819754f35 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
 * Patches change both the patchlevel and the release date. Snapshots have no
 * patchlevel; they change the release date only.
 */
-#define MAIL_RELEASE_DATE "20190621"
+#define MAIL_RELEASE_DATE "20190724"
 #define MAIL_VERSION_NUMBER "3.5"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/proxymap/proxymap.c b/postfix/src/proxymap/proxymap.c
index f405257cd..51c36a870 100644
--- a/postfix/src/proxymap/proxymap.c
+++ b/postfix/src/proxymap/proxymap.c
@@ -313,6 +313,8 @@ static DICT *proxy_map_find(const char *map_type_name, int request_flags,
 * deny the request.
 */
 #define PROXY_MAP_FIND_ERROR_RETURN(x) { *statp = (x); return (0); }
+#define PROXY_MAP_PARAM_NAME(proxy_writer) \
+ ((proxy_writer) == 0 ? VAR_PROXY_READ_MAPS : VAR_PROXY_WRITE_MAPS)
 
 while (strncmp(map_type_name, PROXY_COLON, PROXY_COLON_LEN) == 0)
 map_type_name += PROXY_COLON_LEN;
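Review bot: The replacement comment `The default is incompatible with pre-TLSv1.0 protocols.` states a constraint without its rationale, and the rationale this same commit removes from RELEASE_NOTES and the postconf text was the only place it was written down. Consider keeping it next to DEF_TLS_FAST_SHUTDOWN, for example `/* Not waiting for the peer's close_notify is allowed by RFC 2246 (TLSv1.0) section 7.2.1; older protocols need tls_fast_shutdown_enable = no. */`. The rename of the string to tls_fast_shutdown_enable is what makes the documented name take effect; a main.cf that had used the old undocumented name would presumably no longer match, which the HISTORY entry in this commit accepts on the grounds that no-one is expected to have overridden the default.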
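Review bot: PROXY_MAP_PARAM_NAME is defined inside the body of proxy_map_find but, unlike PROXY_MAP_FIND_ERROR_RETURN next to it, it is also used from post_jail_init later in the file (the second and third proxymap hunks). Preprocessor macros ignore block scope so this compiles, but a reader of post_jail_init will not find the definition where they expect it. Move the `#define` to file scope with the other proxymap macros, or replace it with a small `static const char *proxy_map_param_name(int proxy_writer)` helper. The body of proxy_map_find continues outside this hunk.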
@@ -324,8 +326,7 @@ static DICT *proxy_map_find(const char *map_type_name, int request_flags,
 msg_warn("to approve this table for %s access, list %s:%s in %s:%s",
 proxy_writer == 0 ? "read-only" : "read-write",
 DICT_TYPE_PROXY, map_type_name, MAIN_CONF_FILE,
- proxy_writer == 0 ? VAR_PROXY_READ_MAPS :
- VAR_PROXY_WRITE_MAPS);
+ PROXY_MAP_PARAM_NAME(proxy_writer));
 PROXY_MAP_FIND_ERROR_RETURN(PROXY_STAT_DENY);
 }
 
@@ -695,14 +696,33 @@ static void post_jail_init(char *service_name, char **unused_argv)
 var_proxy_read_maps);
 proxy_auth_maps = htable_create(13);
 while ((type_name = mystrtokq(&bp, sep, parens)) != 0) {
+ /* Maybe { maptype:mapname attr=value... } */
+ if (*type_name == parens[0]) {
+ char *err;
+
+ /* Warn about blatant syntax error. */
+ if ((err = extpar(&type_name, parens, EXTPAR_FLAG_NONE)) != 0) {
+ msg_warn("bad %s parameter value: %s",
+ PROXY_MAP_PARAM_NAME(proxy_writer), err);
+ myfree(err);
+ continue;
+ }
+ /* Don't try to second-guess the semantics of { }. */
+ if ((type_name = mystrtokq(&type_name, sep, parens)) == 0)
+ continue;
+ }
 if (strncmp(type_name, PROXY_COLON, PROXY_COLON_LEN))
 continue;
 do {
 type_name += PROXY_COLON_LEN;
 } while (!strncmp(type_name, PROXY_COLON, PROXY_COLON_LEN));
 if (strchr(type_name, ':') != 0
- && htable_locate(proxy_auth_maps, type_name) == 0)
+ && htable_locate(proxy_auth_maps, type_name) == 0) {
 (void) htable_enter(proxy_auth_maps, type_name, (void *) 0);
+ if (msg_verbose)
+ msg_info("whitelisting %s from %s", type_name,
+ PROXY_MAP_PARAM_NAME(proxy_writer));
+ }
 }
 
 myfree(saved_filter);
diff --git a/postfix/src/smtp/smtp.c b/postfix/src/smtp/smtp.c
index 3564818cb..2daa9b410 100644
--- a/postfix/src/smtp/smtp.c
+++ b/postfix/src/smtp/smtp.c
@@ -548,10 +548,10 @@
 /* Optional name to send to the remote SMTP server in the TLS Server
 /* Name Indication (SNI) extension.
 /* .PP
-/* Available in Postfix version 3.5 and later:
+/* Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
 /* .IP "\fBtls_fast_shutdown_enable (yes)\fR"
-/* After sending a TLS 'close' notification, do not wait for the
-/* TLS peer to respond.
+/* A workaround for implementations that hang Postfix while shuting
+/* down a TLS session, until Postfix times out.
 /* OBSOLETE STARTTLS CONTROLS
 /* .ad
 /* .fi
diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c
index 6e0ee7b1e..afec33d31 100644
--- a/postfix/src/smtpd/smtpd.c
+++ b/postfix/src/smtpd/smtpd.c
@@ -494,10 +494,10 @@
 /* clients via the TLS Server Name Indication (SNI) extension to the
 /* appropriate keys and certificate chains.
 /* .PP
-/* Available in Postfix version 3.5 and later:
+/* Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
 /* .IP "\fBtls_fast_shutdown_enable (yes)\fR"
-/* After sending a TLS 'close' notification, do not wait for the
-/* TLS peer to respond.
+/* A workaround for implementations that hang Postfix while shuting
+/* down a TLS session, until Postfix times out.
 /* OBSOLETE STARTTLS CONTROLS
 /* .ad
 /* .fi
diff --git a/postfix/src/tls/tls_misc.c b/postfix/src/tls/tls_misc.c
index a6f572403..527233dfe 100644
--- a/postfix/src/tls/tls_misc.c
+++ b/postfix/src/tls/tls_misc.c
@@ -46,6 +46,8 @@
 /* char *var_tls_mgr_service;
 /* char *var_tls_tkt_cipher;
 /* char *var_openssl_path;
+/* char *var_tls_server_sni_maps;
+/* bool var_tls_fast_shutdown;
 /*
 /* TLS_APPL_STATE *tls_alloc_app_context(ssl_ctx, log_mask)
 /* SSL_CTX *ssl_ctx;
@@ -809,7 +811,6 @@ void tls_get_signature_params(TLS_SESS_STATE *TLScontext)
 const char *peer_sig_curve = 0;
 const char *peer_sig_dgst = 0;
 int nid;
- int got_kex_key;
 SSL *ssl = TLScontext->con;
 int srvr = SSL_is_server(ssl);
 X509 *cert;
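Review bot: The new manpage text in smtp.c spells `shuting`; it should read `while shutting`. The same misspelling appears in the smtpd.c and tlsproxy.c hunks of this commit and in the lmtp.8.html and postconf hunks, so correcting it in one place leaves the generated documentation inconsistent. Suggested line: `/* A workaround for implementations that hang Postfix while shutting`.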
diff --git a/postfix/src/tlsproxy/tlsproxy.c b/postfix/src/tlsproxy/tlsproxy.c
index f3e4e23cf..7e47efe9a 100644
--- a/postfix/src/tlsproxy/tlsproxy.c
+++ b/postfix/src/tlsproxy/tlsproxy.c
@@ -130,10 +130,10 @@
 /* clients via the TLS Server Name Indication (SNI) extension to the
 /* appropriate keys and certificate chains.
 /* .PP
-/* Available in Postfix version 3.5 and later:
+/* Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
 /* .IP "\fBtls_fast_shutdown_enable (yes)\fR"
-/* After sending a TLS 'close' notification, do not wait for the
-/* TLS peer to respond.
+/* A workaround for implementations that hang Postfix while shuting
+/* down a TLS session, until Postfix times out.
 /* STARTTLS SERVER CONTROLS
 /* .ad
 /* .fi
diff --git a/postfix/src/util/sys_defs.h b/postfix/src/util/sys_defs.h
index 1385acace..6e998cb35 100644
--- a/postfix/src/util/sys_defs.h
+++ b/postfix/src/util/sys_defs.h
@@ -129,7 +129,7 @@
 #define HAS_FUTIMES /* XXX maybe earlier */
 #endif
 
-#if (defined(OpenBSD) && OpenBSD >= 199608)
+#if (defined(OpenBSD) && OpenBSD >= 199608 && OpenBSD < 201105)
 #define PREFERRED_RAND_SOURCE "dev:/dev/arandom" /* XXX earlier */
 #endif
 
diff --git a/postfix/src/util/vstring.c b/postfix/src/util/vstring.c
index 6dca2369b..941d476a9 100644
--- a/postfix/src/util/vstring.c
+++ b/postfix/src/util/vstring.c
@@ -441,6 +441,8 @@ VSTRING *vstring_set_payload_size(VSTRING *vp, ssize_t len)
 {
 if (len < 0 || len > vp->vbuf.len)
 msg_panic("vstring_set_payload_size: invalid offset: %ld", (long) len);
+ if (vp->vbuf.data[vp->vbuf.len] != 0)
+ msg_panic("vstring_set_payload_size: no safety null byte");
 VSTRING_AT_OFFSET(vp, len);
 return (vp);
 }
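Review bot: The new upper bound `OpenBSD < 201105` carries no comment explaining it, and the surviving `/* XXX earlier */` now reads as if it applied to both ends of the range. A note such as `/* /dev/arandom no longer exists in OpenBSD 201105 and later */` would record the reason given in the HISTORY entry. OpenBSD builds at or above that version now fall through to whatever PREFERRED_RAND_SOURCE fallback exists outside this hunk; confirm one is defined for that platform, since this macro names the device Postfix prefers for random bytes.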
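Review bot: The added panic fires on the terminator byte at `vp->vbuf.data[vp->vbuf.len]` but reports neither the buffer length nor the requested payload size, which makes a corruption report hard to trace back to the writer; `msg_panic("vstring_set_payload_size: no safety null byte (buffer %ld, payload %ld)", (long) vp->vbuf.len, (long) len);` would give the reader both. The check detects an overwrite after it has happened, so it is a tripwire for callers that wrote past the usable buffer length rather than a bound on them; a comment above it, `/* Tripwire: a caller wrote past the end of the buffer. */`, would make that intent clear to the next maintainer.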