diff --git a/postfix/HISTORY b/postfix/HISTORY index db6dfb59c..1982d6e69 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -29511,3 +29511,22 @@ Apologies for any names omitted. conf/postfix-tls-script, discard/discard.c, error/error.c, oqmgr/qmgr.c, postmulti/postmulti.c, qmgr/qmgr.c, virtual/virtual.c. + +20250801 + + Bugfix (defect introduced: Postfix 3.7): incorrect backwards + compatible support for the legacy configuration parameters + tlsproxy_client_level and tlsproxy_client_policy. This + disabled the tlsproxy TLS client role when a legacy parameter + was set. Reported by John Doe, diagnosed by Viktor Dukhovni. + File: global/mail_params.h. + + Bugfix (defect introduced: Postfix 3.4): with the TLS client + role disabled by configuration, the tlsproxy daemon + dereferenced a null pointer while handling a tlsproxy client + request. Reported by John Doe. File: tlsproxy/tlsproxy.c. + + Bugfix (defect introduced: 20250713): the import_environment + change did not have space between POSTLOG_HOSTNAME and + XDG_RUNTIME_DIR, breaking maillog_file support and graphical + debugging. File: global/mail_params.h. diff --git a/postfix/proto/stop.double-history b/postfix/proto/stop.double-history index 4b800e3ab..0bf01b7ed 100644 --- a/postfix/proto/stop.double-history +++ b/postfix/proto/stop.double-history @@ -193,3 +193,4 @@ proto proto COMPATIBILITY_README html oqmgr qmgr c postmulti postmulti c qmgr qmgr c src global config_known_tcp_ports c postmulti postmulti c virtual virtual c + request Reported by John Doe File tlsproxy tlsproxy c diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index cf7d791ea..275116ff2 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -2663,7 +2663,7 @@ extern int var_fflush_refresh; #define VAR_IMPORT_ENVIRON "import_environment" #define DEF_IMPORT_ENVIRON "MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG " \ "TZ XAUTHORITY DISPLAY LANG=C " \ - "POSTLOG_SERVICE POSTLOG_HOSTNAME" \ + "POSTLOG_SERVICE POSTLOG_HOSTNAME " \ "XDG_RUNTIME_DIR" extern char *var_import_environ; @@ -4192,7 +4192,9 @@ extern bool var_tlsp_clnt_enforce_tls; /* Migrate an incorrect name. */ #define OBS_TLSP_CLNT_LEVEL "tlsproxy_client_level" #define VAR_TLSP_CLNT_LEVEL "tlsproxy_client_security_level" -#define DEF_TLSP_CLNT_LEVEL "${" OBS_TLSP_CLNT_LEVEL ":$" VAR_SMTP_TLS_LEVEL "}" +#define DEF_TLSP_CLNT_LEVEL "${" OBS_TLSP_CLNT_LEVEL "?{$" \ + OBS_TLSP_CLNT_LEVEL "}:{$" \ + VAR_SMTP_TLS_LEVEL "}}" extern char *var_tlsp_clnt_level; #define VAR_TLSP_CLNT_PER_SITE "tlsproxy_client_per_site" @@ -4202,7 +4204,9 @@ extern char *var_tlsp_clnt_per_site; /* Migrate an incorrect name. */ #define OBS_TLSP_CLNT_POLICY "tlsproxy_client_policy" #define VAR_TLSP_CLNT_POLICY "tlsproxy_client_policy_maps" -#define DEF_TLSP_CLNT_POLICY "${" OBS_TLSP_CLNT_POLICY ":$" VAR_SMTP_TLS_POLICY "}" +#define DEF_TLSP_CLNT_POLICY "${" OBS_TLSP_CLNT_POLICY "?{$" \ + OBS_TLSP_CLNT_POLICY "}:{$" \ + VAR_SMTP_TLS_POLICY "}}" extern char *var_tlsp_clnt_policy; /* diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 56b86a414..6be519523 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20250730" +#define MAIL_RELEASE_DATE "20250801" #define MAIL_VERSION_NUMBER "3.11" #ifdef SNAPSHOT diff --git a/postfix/src/tlsproxy/tlsproxy.c b/postfix/src/tlsproxy/tlsproxy.c index 241f8e72d..5eb6027ce 100644 --- a/postfix/src/tlsproxy/tlsproxy.c +++ b/postfix/src/tlsproxy/tlsproxy.c @@ -1267,6 +1267,12 @@ static TLS_APPL_STATE *tlsp_client_init(TLS_CLIENT_PARAMS *tls_params, init_buf = vstring_alloc(100); init_key = tls_proxy_client_init_serialize(attr_print_plain, init_buf, init_props); +#define TLSP_CLIENT_INIT_RETURN(retval) do { \ + vstring_free(init_buf); \ + vstring_free(param_buf); \ + return (retval); \ + } while (0) + if (tlsp_pre_jail_done == 0) { if (tlsp_pre_jail_client_param_key == 0 || tlsp_pre_jail_client_init_key == 0) { @@ -1284,9 +1290,12 @@ static TLS_APPL_STATE *tlsp_client_init(TLS_CLIENT_PARAMS *tls_params, * TLS_APPL_STATE instance; this makes a mismatch of TLS_CLIENT_PARAMS * settings problematic. */ - if (tlsp_pre_jail_done - && !been_here_fixed(tlsp_params_mismatch_filter, param_key) - && strcmp(tlsp_pre_jail_client_param_key, param_key) != 0) { + else if (tlsp_pre_jail_client_param_key == 0 + || tlsp_pre_jail_client_init_key == 0) { + msg_warn("TLS client role is disabled by configuration"); + TLSP_CLIENT_INIT_RETURN(0); + } else if (!been_here_fixed(tlsp_params_mismatch_filter, param_key) + && strcmp(tlsp_pre_jail_client_param_key, param_key) != 0) { msg_warn("request from tlsproxy client with unexpected settings"); tlsp_log_config_diff(tlsp_pre_jail_client_param_key, param_key); log_hints = 1; @@ -1361,9 +1370,7 @@ static TLS_APPL_STATE *tlsp_client_init(TLS_CLIENT_PARAMS *tls_params, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); } - vstring_free(init_buf); - vstring_free(param_buf); - return (appl_state); + TLSP_CLIENT_INIT_RETURN(appl_state); } /* tlsp_close_event - pre-handshake plaintext-client close event */ @@ -1497,6 +1504,7 @@ static void tlsp_get_request_event(int event, void *context) TLSP_INIT_TIMEOUT, (void *) state); return; } else { + state->flags |= TLSP_FLAG_DO_HANDSHAKE; tlsp_request_read_event(plaintext_fd, tlsp_get_fd_event, TLSP_INIT_TIMEOUT, (void *) state); return; diff --git a/postfix/src/tlsproxy/tlsproxy_state.c b/postfix/src/tlsproxy/tlsproxy_state.c index df6cbda1d..4a08d17fe 100644 --- a/postfix/src/tlsproxy/tlsproxy_state.c +++ b/postfix/src/tlsproxy/tlsproxy_state.c @@ -105,7 +105,7 @@ TLSP_STATE *tlsp_state_create(const char *service, { TLSP_STATE *state = (TLSP_STATE *) mymalloc(sizeof(*state)); - state->flags = TLSP_FLAG_DO_HANDSHAKE; + state->flags = 0; state->service = mystrdup(service); state->plaintext_stream = plaintext_stream; state->plaintext_buf = 0;