mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-29 13:18:12 +00:00
Code Issues Releases Wiki Activity

postfix-2.6.16

Browse Source
This commit is contained in:
Wietse Venema 2012-05-20 00:00:00 -05:00 committed by Viktor Dukhovni
parent 51c345702b
commit f056b5c2f9
8 changed files with 51 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
postfix/HISTORY
View File

@ -15628,3 +15628,33 @@ Apologies for any names omitted.
a patch by Victor Duchovni. Files: proto/TLS_README.html, a patch by Victor Duchovni. Files: proto/TLS_README.html,
proto/postconf.proto, tls/tls.h, tls/tls_misc.c, tls/tls_client.c, proto/postconf.proto, tls/tls.h, tls/tls_misc.c, tls/tls_client.c,
tls/tls_server.c. tls/tls_server.c.
20120425
Workaround: bugs in 10-year old gcc versions break compilation
with #ifdef inside a macro invocation (NOT: definition).
Files: tls/tls.h, tls/tls_client.c, tls/tls_server.c.
20120517
Workaround: to avoid crashes when the OpenSSL library is
updated without "postfix reload", the Postfix TLS session
cache ID now includes the OpenSSL library version number.
Note: this problem cannot be fixed in tlsmgr(8). Code by
Victor Duchovni. Files: tls/tls_server.c, tls_client.c.
20120520
Bugfix (introduced Postfix 2.4): the event_drain() function
was comparing bitmasks incorrectly causing the program to
always wait for the full time limit. This error affected
the unused postkick command, but only after s/fifo/unix/
in master.cf. File: util/events.c.
Cleanup: laptop users have always been able to avoid
unnecessary disk spin-up by doing s/fifo/unix/ in master.cf
(this is currently not supported on Solaris systems).
However, to make this work reliably, the "postqueue -f"
command must wait until its requests have reached the pickup
and qmgr servers before closing the UNIX-domain request
sockets. Files: postqueue/postqueue.c, postqueue/Makefile.in.

4
postfix/src/global/mail_version.h
View File

@ -20,8 +20,8 @@
* Patches change both the patchlevel and the release date. Snapshots have no * Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only. * patchlevel; they change the release date only.
*/ */
#define MAIL_RELEASE_DATE "20120424" #define MAIL_RELEASE_DATE "20120520"
#define MAIL_VERSION_NUMBER "2.6.15" #define MAIL_VERSION_NUMBER "2.6.16"
#ifdef SNAPSHOT #ifdef SNAPSHOT
# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE

1
postfix/src/postqueue/Makefile.in
View File

@ -61,6 +61,7 @@ postqueue.o: ../../include/argv.h
postqueue.o: ../../include/attr.h postqueue.o: ../../include/attr.h
postqueue.o: ../../include/clean_env.h postqueue.o: ../../include/clean_env.h
postqueue.o: ../../include/connect.h postqueue.o: ../../include/connect.h
postqueue.o: ../../include/events.h
postqueue.o: ../../include/flush_clnt.h postqueue.o: ../../include/flush_clnt.h
postqueue.o: ../../include/iostuff.h postqueue.o: ../../include/iostuff.h
postqueue.o: ../../include/mail_conf.h postqueue.o: ../../include/mail_conf.h

2
postfix/src/postqueue/postqueue.c
View File

@ -187,6 +187,7 @@
#include <safe.h> #include <safe.h>
#include <connect.h> #include <connect.h>
#include <valid_hostname.h> #include <valid_hostname.h>
#include <events.h>
/* Global library. */ /* Global library. */
@ -352,6 +353,7 @@ static void flush_queue(void)
if (mail_flush_maildrop() < 0) if (mail_flush_maildrop() < 0)
msg_fatal_status(EX_UNAVAILABLE, msg_fatal_status(EX_UNAVAILABLE,
"Cannot flush mail queue - mail system is down"); "Cannot flush mail queue - mail system is down");
event_drain(2);
} }
/* flush_site - flush mail for site */ /* flush_site - flush mail for site */

4
postfix/src/tls/tls.h
View File

@ -158,11 +158,15 @@ extern void tls_param_init(void);
#define TLS_PROTOCOL_TLSv1_1 (1<<3) /* TLSv1_1 */ #define TLS_PROTOCOL_TLSv1_1 (1<<3) /* TLSv1_1 */
#else #else
#define TLS_PROTOCOL_TLSv1_1 0 /* Unknown */ #define TLS_PROTOCOL_TLSv1_1 0 /* Unknown */
#undef SSL_OP_NO_TLSv1_1
#define SSL_OP_NO_TLSv1_1 0L /* Noop */
#endif #endif
#ifdef SSL_TXT_TLSV1_2 #ifdef SSL_TXT_TLSV1_2
#define TLS_PROTOCOL_TLSv1_2 (1<<4) /* TLSv1_2 */ #define TLS_PROTOCOL_TLSv1_2 (1<<4) /* TLSv1_2 */
#else #else
#define TLS_PROTOCOL_TLSv1_2 0 /* Unknown */ #define TLS_PROTOCOL_TLSv1_2 0 /* Unknown */
#undef SSL_OP_NO_TLSv1_2
#define SSL_OP_NO_TLSv1_2 0L /* Noop */
#endif #endif
#define TLS_KNOWN_PROTOCOLS \ #define TLS_KNOWN_PROTOCOLS \
( TLS_PROTOCOL_SSLv2 | TLS_PROTOCOL_SSLv3 | TLS_PROTOCOL_TLSv1 \ ( TLS_PROTOCOL_SSLv2 | TLS_PROTOCOL_SSLv3 | TLS_PROTOCOL_TLSv1 \

10
postfix/src/tls/tls_client.c
View File

@ -782,6 +782,12 @@ TLS_SESS_STATE *tls_client_start(const TLS_CLIENT_START_PROPS *props)
msg_info("%s: TLS cipher list \"%s\"", props->namaddr, cipher_list); msg_info("%s: TLS cipher list \"%s\"", props->namaddr, cipher_list);
vstring_sprintf_append(myserverid, "&c=%s", cipher_list); vstring_sprintf_append(myserverid, "&c=%s", cipher_list);
/*
* Finally, salt the session key with the OpenSSL library version,
* (run-time, rather than compile-time, just in case that matters).
*/
vstring_sprintf_append(myserverid, "&l=%ld", (long) SSLeay());
/* /*
* Allocate a new TLScontext for the new connection and get an SSL * Allocate a new TLScontext for the new connection and get an SSL
* structure. Add the location of TLScontext to the SSL to later retrieve * structure. Add the location of TLScontext to the SSL to later retrieve
@ -814,12 +820,8 @@ TLS_SESS_STATE *tls_client_start(const TLS_CLIENT_START_PROPS *props)
if (protomask != 0) if (protomask != 0)
SSL_set_options(TLScontext->con, SSL_set_options(TLScontext->con,
((protomask & TLS_PROTOCOL_TLSv1) ? SSL_OP_NO_TLSv1 : 0L) ((protomask & TLS_PROTOCOL_TLSv1) ? SSL_OP_NO_TLSv1 : 0L)
#ifdef SSL_OP_NO_TLSv1_1
| ((protomask & TLS_PROTOCOL_TLSv1_1) ? SSL_OP_NO_TLSv1_1 : 0L) | ((protomask & TLS_PROTOCOL_TLSv1_1) ? SSL_OP_NO_TLSv1_1 : 0L)
#endif
#ifdef SSL_OP_NO_TLSv1_2
| ((protomask & TLS_PROTOCOL_TLSv1_2) ? SSL_OP_NO_TLSv1_2 : 0L) | ((protomask & TLS_PROTOCOL_TLSv1_2) ? SSL_OP_NO_TLSv1_2 : 0L)
#endif
| ((protomask & TLS_PROTOCOL_SSLv3) ? SSL_OP_NO_SSLv3 : 0L) | ((protomask & TLS_PROTOCOL_SSLv3) ? SSL_OP_NO_SSLv3 : 0L)
| ((protomask & TLS_PROTOCOL_SSLv2) ? SSL_OP_NO_SSLv2 : 0L)); | ((protomask & TLS_PROTOCOL_SSLv2) ? SSL_OP_NO_SSLv2 : 0L));

7
postfix/src/tls/tls_server.c
View File

@ -150,9 +150,10 @@ static SSL_SESSION *get_server_session_cb(SSL *ssl, unsigned char *session_id,
#define GEN_CACHE_ID(buf, id, len, service) \ #define GEN_CACHE_ID(buf, id, len, service) \
do { \ do { \
buf = vstring_alloc(2 * (len) + 1 + strlen(service) + 3); \ buf = vstring_alloc(2 * (len + strlen(service))); \
hex_encode(buf, (char *) (id), (len)); \ hex_encode(buf, (char *) (id), (len)); \
vstring_sprintf_append(buf, "&s=%s", (service)); \ vstring_sprintf_append(buf, "&s=%s", (service)); \
vstring_sprintf_append(buf, "&l=%ld", (long) SSLeay()); \
} while (0) } while (0)
@ -366,12 +367,8 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props)
if (protomask != 0) if (protomask != 0)
SSL_CTX_set_options(server_ctx, SSL_CTX_set_options(server_ctx,
((protomask & TLS_PROTOCOL_TLSv1) ? SSL_OP_NO_TLSv1 : 0L) ((protomask & TLS_PROTOCOL_TLSv1) ? SSL_OP_NO_TLSv1 : 0L)
#ifdef SSL_OP_NO_TLSv1_1
| ((protomask & TLS_PROTOCOL_TLSv1_1) ? SSL_OP_NO_TLSv1_1 : 0L) | ((protomask & TLS_PROTOCOL_TLSv1_1) ? SSL_OP_NO_TLSv1_1 : 0L)
#endif
#ifdef SSL_OP_NO_TLSv1_2
| ((protomask & TLS_PROTOCOL_TLSv1_2) ? SSL_OP_NO_TLSv1_2 : 0L) | ((protomask & TLS_PROTOCOL_TLSv1_2) ? SSL_OP_NO_TLSv1_2 : 0L)
#endif
| ((protomask & TLS_PROTOCOL_SSLv3) ? SSL_OP_NO_SSLv3 : 0L) | ((protomask & TLS_PROTOCOL_SSLv3) ? SSL_OP_NO_SSLv3 : 0L)
| ((protomask & TLS_PROTOCOL_SSLv2) ? SSL_OP_NO_SSLv2 : 0L)); | ((protomask & TLS_PROTOCOL_SSLv2) ? SSL_OP_NO_SSLv2 : 0L));

6
postfix/src/util/events.c
View File

@ -174,6 +174,7 @@ typedef fd_set EVENT_MASK;
#define EVENT_MASK_SET(fd, mask) FD_SET((fd), (mask)) #define EVENT_MASK_SET(fd, mask) FD_SET((fd), (mask))
#define EVENT_MASK_ISSET(fd, mask) FD_ISSET((fd), (mask)) #define EVENT_MASK_ISSET(fd, mask) FD_ISSET((fd), (mask))
#define EVENT_MASK_CLR(fd, mask) FD_CLR((fd), (mask)) #define EVENT_MASK_CLR(fd, mask) FD_CLR((fd), (mask))
#define EVENT_MASK_CMP(m1, m2) memcmp((m1), (m2), EVENT_MASK_BYTE_COUNT(m1))
#else #else
/* /*
@ -220,6 +221,8 @@ typedef struct {
(EVENT_MASK_FD_BYTE((fd), (mask)) & EVENT_MASK_FD_BIT(fd)) (EVENT_MASK_FD_BYTE((fd), (mask)) & EVENT_MASK_FD_BIT(fd))
#define EVENT_MASK_CLR(fd, mask) \ #define EVENT_MASK_CLR(fd, mask) \
(EVENT_MASK_FD_BYTE((fd), (mask)) &= ~EVENT_MASK_FD_BIT(fd)) (EVENT_MASK_FD_BYTE((fd), (mask)) &= ~EVENT_MASK_FD_BIT(fd))
#define EVENT_MASK_CMP(m1, m2) \
memcmp((m1)->data, (m2)->data, EVENT_MASK_BYTE_COUNT(m1))
#endif #endif
/* /*
@ -635,8 +638,7 @@ void event_drain(int time_limit)
max_time = event_present + time_limit; max_time = event_present + time_limit;
while (event_present < max_time while (event_present < max_time
&& (event_timer_head.pred != &event_timer_head && (event_timer_head.pred != &event_timer_head
|| memcmp(&zero_mask, &event_xmask, || EVENT_MASK_CMP(&zero_mask, &event_xmask) != 0)) {
EVENT_MASK_BYTE_COUNT(&zero_mask)) != 0)) {
event_loop(1); event_loop(1);
#if (EVENTS_STYLE != EVENTS_STYLE_SELECT) #if (EVENTS_STYLE != EVENTS_STYLE_SELECT)
if (EVENT_MASK_BYTE_COUNT(&zero_mask) if (EVENT_MASK_BYTE_COUNT(&zero_mask)