TLS library overhaul. By intrigeri. File: tls/tls_dane.c.
Bugfix (introduced: Postfix-1.0.1): null pointer read, while
- logging a warning after a corrupted bounce log file. File:
- global/bounce_log.c.
+ logging a warning after reading a corrupted bounce log file.
+ File: global/bounce_log.c.
Bugfix (introduced: Postfix-2.9.0): null pointer read, while
logging a warning after a postscreen_command_filter read
- error. File: postscreen/postscreen_smtpd.c. global/bounce_log.c
+ error. File: postscreen/postscreen_smtpd.c.
20190312
hides application performance bugs, and because that still
suffers from server-side delayed ACKs. Instead, Postfix
avoids sending "small" writes back-to-back, by choosing a
- VSTREAM buffer size that is a multiple of the reported
- MSS. This workaround bumps the multiplier from 2x to 4x.
- File: util/vstream_tweak.c.
+ VSTREAM buffer size that is a multiple of the reported MSS.
+ This workaround bumps the multiplier from 2x to 4x. File:
+ util/vstream_tweak.c.
20190825
segfault (null pointer read) or cause an SMTP server assertion
to fail when talking to a fake Dovecot server. The client
now logs a proper error instead. Problem reported by Tim
- Düsterhus. File: xsasl/xsasl_dovecot_server.c.
+ Düsterhus. File: xsasl/xsasl_dovecot_server.c.
20190908
log with error messages (see below for a specific case).
Problem reported by Andreas Schulze. File: tlsproxy/tlsproxy.c.
- Bitrot: don't invoke SSL_shutdown() when the SSL engine thinks
- that it is processing a TLS handshake. With the change at
- https://github.com/openssl/openssl/commit/64193c8218540499984cd63cda41f3cd491f3f59,
- the error status was changed, incompatibly, from SSL_ERROR_NONE
+ Bitrot: don't invoke SSL_shutdown() when the SSL engine
+ thinks it is processing a TLS handshake. The commit at
+ https://github.com/openssl/openssl/commit/64193c8218540499984cd63cda41f3cd491f3f59
+ changed the error status, incompatibly, from SSL_ERROR_NONE
into SSL_ERROR_SSL. File: tlsproxy/tlsproxxy.c.
+
+20190918
+
+ Cleanup: the nbbio(3) library now accepts a sequence of
+ nbbio_enable_read() calls or a sequence of nbbio_enable_write()
+ calls. This allows tlsproxy(8) to reset an I/O timer after
+ each event without having to make an nbbio_disable_readwrite()
+ call. Files: util/nbbio.c, tlsproxy/tlsproxy.c.
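Review bot: the unchanged line that closes the rewritten "Bitrot" paragraph still reads "File: tlsproxy/tlsproxxy.c." with a doubled "x". Since the paragraph is being rewrapped in this hunk anyway, correct the path to tlsproxy/tlsproxy.c, which is how the neighbouring entries (including the new 20190918 one) spell it.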
Wish list:
- NBBIO timers can go off when a single nbbio_enable_xxx()
- call is followed by a continuous sequence of events. This
- has not been a problem in tlsproxy because the plaintext
- stream moves data faster than the ciphertext stream, so
- that plaintext events will happen in bursts instead of a
- long continuous sequence. Fix: allow calling nbbio_enable_xxx()
- when events of type 'xxx' are already enabled. Then
- nbbio_enable_xxx() can skip the event_enable_xxx() call
- before calling event_request_timer().
+ nbbio: exercise the sanity checks with fake msg(3) functions.
transport policy protocol (clone of check_policy).
Creation of such tables and secure storage (the value includes
private key material) are outside the responsibility of Postfix. </p>
-<p> With "socketmap" and "tcp" the data is be transmitted in the clear, and
+<p> With "socketmap" and "tcp" the data will be transmitted in the clear, and
there is no query access control, so these are generally unsuitable for storing
SNI chains. With LDAP and SQL, you should restrict read access and use TLS to
protect the sensitive data in transit. </p>
Creation of such tables and secure storage (the value includes
private key material) are outside the responsibility of Postfix.
.PP
-With "socketmap" and "tcp" the data is be transmitted in the clear, and
+With "socketmap" and "tcp" the data will be transmitted in the clear, and
there is no query access control, so these are generally unsuitable for storing
SNI chains. With LDAP and SQL, you should restrict read access and use TLS to
protect the sensitive data in transit.
Creation of such tables and secure storage (the value includes
private key material) are outside the responsibility of Postfix. </p>
-<p> With "socketmap" and "tcp" the data is be transmitted in the clear, and
+<p> With "socketmap" and "tcp" the data will be transmitted in the clear, and
there is no query access control, so these are generally unsuitable for storing
SNI chains. With LDAP and SQL, you should restrict read access and use TLS to
protect the sensitive data in transit. </p>
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20190914"
+#define MAIL_RELEASE_DATE "20190922"
#define MAIL_VERSION_NUMBER "3.5"
#ifdef SNAPSHOT
if (NBBIO_WRITE_PEND(plaintext_buf) > 0) {
if (NBBIO_ACTIVE_FLAGS(plaintext_buf) & NBBIO_FLAG_READ)
nbbio_disable_readwrite(plaintext_buf);
- if ((NBBIO_ACTIVE_FLAGS(plaintext_buf) & NBBIO_FLAG_WRITE) == 0)
- nbbio_enable_write(plaintext_buf, state->timeout);
+ nbbio_enable_write(plaintext_buf, state->timeout);
} else if (NBBIO_READ_PEND(plaintext_buf) < NBBIO_BUFSIZE(plaintext_buf)) {
if (NBBIO_ACTIVE_FLAGS(plaintext_buf) & NBBIO_FLAG_WRITE)
nbbio_disable_readwrite(plaintext_buf);
- if ((NBBIO_ACTIVE_FLAGS(plaintext_buf) & NBBIO_FLAG_READ) == 0)
- nbbio_enable_read(plaintext_buf, state->timeout);
+ nbbio_enable_read(plaintext_buf, state->timeout);
} else {
if (NBBIO_ACTIVE_FLAGS(plaintext_buf))
nbbio_slumber(plaintext_buf, state->timeout);
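Review bot: the now-unconditional nbbio_enable_write() and nbbio_enable_read() calls carry no comment saying that the repeated call is deliberate. They are safe only because the enclosing conditions (NBBIO_WRITE_PEND(plaintext_buf) > 0 and NBBIO_READ_PEND(plaintext_buf) < NBBIO_BUFSIZE(plaintext_buf)) match the preconditions the nbbio functions panic on, and because the nbbio side of this change allows re-enabling an already active pseudothread. Add a one-line comment in each branch stating that the call is repeated on purpose to restart the I/O timer, so that nobody later restores the removed NBBIO_ACTIVE_FLAGS guard as an optimisation.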
/* the named buffer pair, closes the stream, and destroys the
/* buffer pair.
/*
-/* nbbio_enable_read() enables a read pseudothread for the
-/* named buffer pair. It is an error to enable a read
-/* pseudothread while the read buffer is full, or while a read
-/* or write pseudothread is still enabled.
+/* nbbio_enable_read() enables a read pseudothread (if one
+/* does not already exist) for the named buffer pair, and
+/* (re)starts the buffer pair's timer. It is an error to enable
+/* a read pseudothread while the read buffer is full, or while
+/* a write pseudothread is still enabled.
/*
-/* nbbio_enable_write() enables a write pseudothread for the
-/* named buffer pair. It is an error to enable a write
-/* pseudothread while the write buffer is empty, or while a
-/* read or write pseudothread is still enabled.
+/* nbbio_enable_write() enables a write pseudothread (if one
+/* does not already exist) for the named buffer pair, and
+/* (re)starts the buffer pair's timer. It is an error to enable
+/* a write pseudothread while the write buffer is empty, or
+/* while a read pseudothread is still enabled.
/*
/* nbbio_disable_readwrite() disables any read/write pseudothreads
/* for the named buffer pair, including timeouts. To ensure
/*
* Sanity checks.
*/
- if (np->flags & NBBIO_MASK_ACTIVE)
+ if (np->flags & (NBBIO_MASK_ACTIVE & ~NBBIO_FLAG_READ))
msg_panic("%s: socket fd=%d is enabled for %s",
myname, np->fd, NBBIO_OP_NAME(np));
if (timeout <= 0)
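Review bot: the new test np->flags & (NBBIO_MASK_ACTIVE & ~NBBIO_FLAG_READ) is not explained by the "Sanity checks." comment above it, and what it still rejects depends on which other bits NBBIO_MASK_ACTIVE contains, which is not visible here. Extend the comment to say that a repeated read enable is now permitted and that only the other active states trigger the panic, so the mask arithmetic does not have to be decoded by the next reader.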
/*
* Enable events.
*/
- event_enable_read(np->fd, nbbio_event, (void *) np);
+ if ((np->flags & NBBIO_FLAG_READ) == 0) {
+ event_enable_read(np->fd, nbbio_event, (void *) np);
+ np->flags |= NBBIO_FLAG_READ;
+ }
event_request_timer(nbbio_event, (void *) np, timeout);
- np->flags |= NBBIO_FLAG_READ;
}
/* nbbio_enable_write - enable writing from buffer to socket */
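Review bot: the "Enable events." comment above the new if block no longer describes what the code does. On a repeated call the block skips event_enable_read() entirely and only event_request_timer() runs, so the comment should say something like "Enable events if not yet enabled, and (re)start the timer". The same applies to the matching block in nbbio_enable_write().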
/*
* Sanity checks.
*/
- if (np->flags & NBBIO_MASK_ACTIVE)
+ if (np->flags & (NBBIO_MASK_ACTIVE & ~NBBIO_FLAG_WRITE))
msg_panic("%s: socket fd=%d is enabled for %s",
myname, np->fd, NBBIO_OP_NAME(np));
if (timeout <= 0)
- msg_panic("%s: socket fd=%d bad timeout %d",
+ msg_panic("%s: socket fd=%d: bad timeout %d",
myname, np->fd, timeout);
if (np->write_pend <= 0)
msg_panic("%s: socket fd=%d: empty write buffer",
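Review bot: the punctuation fix to "socket fd=%d: bad timeout %d" is made here in nbbio_enable_write(), but the corresponding timeout message in nbbio_enable_read() is outside the lines shown in this diff. Confirm that it already uses the "fd=%d:" form, since these panic strings are what operators search logs for and the two functions should report the same condition identically.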
/*
* Enable events.
*/
- event_enable_write(np->fd, nbbio_event, (void *) np);
+ if ((np->flags & NBBIO_FLAG_WRITE) == 0) {
+ event_enable_write(np->fd, nbbio_event, (void *) np);
+ np->flags |= NBBIO_FLAG_WRITE;
+ }
event_request_timer(nbbio_event, (void *) np, timeout);
- np->flags |= NBBIO_FLAG_WRITE;
}
/* nbbio_disable_readwrite - disable read/write/timer events */