mirror of
https://github.com/vdukhovni/postfix
synced 2025-08-22 01:49:47 +00:00
postfix-3.11-20250801
This commit is contained in:
parent
9756d67d1a
commit
e3e5fbac8c
@ -29511,3 +29511,22 @@ Apologies for any names omitted.
|
||||
conf/postfix-tls-script, discard/discard.c, error/error.c,
|
||||
oqmgr/qmgr.c, postmulti/postmulti.c, qmgr/qmgr.c,
|
||||
virtual/virtual.c.
|
||||
|
||||
20250801
|
||||
|
||||
Bugfix (defect introduced: Postfix 3.7): incorrect backwards
|
||||
compatible support for the legacy configuration parameters
|
||||
tlsproxy_client_level and tlsproxy_client_policy. This
|
||||
disabled the tlsproxy TLS client role when a legacy parameter
|
||||
was set. Reported by John Doe, diagnosed by Viktor Dukhovni.
|
||||
File: global/mail_params.h.
|
||||
|
||||
Bugfix (defect introduced: Postfix 3.4): with the TLS client
|
||||
role disabled by configuration, the tlsproxy daemon
|
||||
dereferenced a null pointer while handling a tlsproxy client
|
||||
request. Reported by John Doe. File: tlsproxy/tlsproxy.c.
|
||||
|
||||
Bugfix (defect introduced: 20250713): the import_environment
|
||||
change did not have space between POSTLOG_HOSTNAME and
|
||||
XDG_RUNTIME_DIR, breaking maillog_file support and graphical
|
||||
debugging. File: global/mail_params.h.
|
||||
|
@ -193,3 +193,4 @@ proto proto COMPATIBILITY_README html
|
||||
oqmgr qmgr c postmulti postmulti c qmgr qmgr c
|
||||
src global config_known_tcp_ports c postmulti postmulti c
|
||||
virtual virtual c
|
||||
request Reported by John Doe File tlsproxy tlsproxy c
|
||||
|
@ -4192,7 +4192,9 @@ extern bool var_tlsp_clnt_enforce_tls;
|
||||
/* Migrate an incorrect name. */
|
||||
#define OBS_TLSP_CLNT_LEVEL "tlsproxy_client_level"
|
||||
#define VAR_TLSP_CLNT_LEVEL "tlsproxy_client_security_level"
|
||||
#define DEF_TLSP_CLNT_LEVEL "${" OBS_TLSP_CLNT_LEVEL ":$" VAR_SMTP_TLS_LEVEL "}"
|
||||
#define DEF_TLSP_CLNT_LEVEL "${" OBS_TLSP_CLNT_LEVEL "?{$" \
|
||||
OBS_TLSP_CLNT_LEVEL "}:{$" \
|
||||
VAR_SMTP_TLS_LEVEL "}}"
|
||||
extern char *var_tlsp_clnt_level;
|
||||
|
||||
#define VAR_TLSP_CLNT_PER_SITE "tlsproxy_client_per_site"
|
||||
@ -4202,7 +4204,9 @@ extern char *var_tlsp_clnt_per_site;
|
||||
/* Migrate an incorrect name. */
|
||||
#define OBS_TLSP_CLNT_POLICY "tlsproxy_client_policy"
|
||||
#define VAR_TLSP_CLNT_POLICY "tlsproxy_client_policy_maps"
|
||||
#define DEF_TLSP_CLNT_POLICY "${" OBS_TLSP_CLNT_POLICY ":$" VAR_SMTP_TLS_POLICY "}"
|
||||
#define DEF_TLSP_CLNT_POLICY "${" OBS_TLSP_CLNT_POLICY "?{$" \
|
||||
OBS_TLSP_CLNT_POLICY "}:{$" \
|
||||
VAR_SMTP_TLS_POLICY "}}"
|
||||
extern char *var_tlsp_clnt_policy;
|
||||
|
||||
/*
|
||||
|
@ -20,7 +20,7 @@
|
||||
* Patches change both the patchlevel and the release date. Snapshots have no
|
||||
* patchlevel; they change the release date only.
|
||||
*/
|
||||
#define MAIL_RELEASE_DATE "20250730"
|
||||
#define MAIL_RELEASE_DATE "20250801"
|
||||
#define MAIL_VERSION_NUMBER "3.11"
|
||||
|
||||
#ifdef SNAPSHOT
|
||||
|
@ -1267,6 +1267,12 @@ static TLS_APPL_STATE *tlsp_client_init(TLS_CLIENT_PARAMS *tls_params,
|
||||
init_buf = vstring_alloc(100);
|
||||
init_key = tls_proxy_client_init_serialize(attr_print_plain, init_buf,
|
||||
init_props);
|
||||
#define TLSP_CLIENT_INIT_RETURN(retval) do { \
|
||||
vstring_free(init_buf); \
|
||||
vstring_free(param_buf); \
|
||||
return (retval); \
|
||||
} while (0)
|
||||
|
||||
if (tlsp_pre_jail_done == 0) {
|
||||
if (tlsp_pre_jail_client_param_key == 0
|
||||
|| tlsp_pre_jail_client_init_key == 0) {
|
||||
@ -1284,8 +1290,11 @@ static TLS_APPL_STATE *tlsp_client_init(TLS_CLIENT_PARAMS *tls_params,
|
||||
* TLS_APPL_STATE instance; this makes a mismatch of TLS_CLIENT_PARAMS
|
||||
* settings problematic.
|
||||
*/
|
||||
if (tlsp_pre_jail_done
|
||||
&& !been_here_fixed(tlsp_params_mismatch_filter, param_key)
|
||||
else if (tlsp_pre_jail_client_param_key == 0
|
||||
|| tlsp_pre_jail_client_init_key == 0) {
|
||||
msg_warn("TLS client role is disabled by configuration");
|
||||
TLSP_CLIENT_INIT_RETURN(0);
|
||||
} else if (!been_here_fixed(tlsp_params_mismatch_filter, param_key)
|
||||
&& strcmp(tlsp_pre_jail_client_param_key, param_key) != 0) {
|
||||
msg_warn("request from tlsproxy client with unexpected settings");
|
||||
tlsp_log_config_diff(tlsp_pre_jail_client_param_key, param_key);
|
||||
@ -1361,9 +1370,7 @@ static TLS_APPL_STATE *tlsp_client_init(TLS_CLIENT_PARAMS *tls_params,
|
||||
SSL_MODE_ENABLE_PARTIAL_WRITE
|
||||
| SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
|
||||
}
|
||||
vstring_free(init_buf);
|
||||
vstring_free(param_buf);
|
||||
return (appl_state);
|
||||
TLSP_CLIENT_INIT_RETURN(appl_state);
|
||||
}
|
||||
|
||||
/* tlsp_close_event - pre-handshake plaintext-client close event */
|
||||
@ -1497,6 +1504,7 @@ static void tlsp_get_request_event(int event, void *context)
|
||||
TLSP_INIT_TIMEOUT, (void *) state);
|
||||
return;
|
||||
} else {
|
||||
state->flags |= TLSP_FLAG_DO_HANDSHAKE;
|
||||
tlsp_request_read_event(plaintext_fd, tlsp_get_fd_event,
|
||||
TLSP_INIT_TIMEOUT, (void *) state);
|
||||
return;
|
||||
|
@ -105,7 +105,7 @@ TLSP_STATE *tlsp_state_create(const char *service,
|
||||
{
|
||||
TLSP_STATE *state = (TLSP_STATE *) mymalloc(sizeof(*state));
|
||||
|
||||
state->flags = TLSP_FLAG_DO_HANDSHAKE;
|
||||
state->flags = 0;
|
||||
state->service = mystrdup(service);
|
||||
state->plaintext_stream = plaintext_stream;
|
||||
state->plaintext_buf = 0;
|
||||
|
Loading…
x
Reference in New Issue
Block a user