Misc fixes for gcc 'multiple definition' errors. Files:
master/master_vars.c, smtp/smtp.c, proxymap/proxymap.c.
+
+20200419
+
+ Bugfix: segfault in the tlsproxy client role when the server
+ role was disabled. This typically happens with a first-time
+ Postfix install and after configuring only outbound TLS.
+ File: tlsproxy/tlsproxy.c.
+
+ Portability: libc-musl breaks TLSA/DANE. Force the user to
+ override a test and accept that Postfix will not support
+ TLSA/DANE. File: makedefs.
# No ${x%%y} support in Solaris 11 /bin/sh
RELEASE_MAJOR=`expr "$RELEASE" : '\([0-9]*\)'` || exit 1
VERSION=`(uname -v) 2>/dev/null`
+ case "$SYSTEM.$VERSION" in
+ Linux.#[0-9]*-Alpine*)
+ case "$CCARGS" in
+ *-DNO_DNSSEC*) ;;
+ *) echo Warning: libc-musl breaks DANE/TLSA security. 1>&2
+ echo Use a glibc-based Linux distribution, or build 1>&2
+ echo with: 'make makefiles CCARGS="-DNO_DNSSEC ..."'. 1>&2
+ exit 1;;
+ esac;
+ esac
case "$VERSION" in
dcosx*) SYSTEM=$VERSION;;
esac;;
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20200416"
+#define MAIL_RELEASE_DATE "20200419"
#define MAIL_VERSION_NUMBER "3.6"
#ifdef SNAPSHOT
TLSP_INIT_TIMEOUT, (void *) state);
}
-/* pre_jail_init - pre-jail initialization */
+/* pre_jail_init_server - pre-jail initialization */
-static void pre_jail_init(char *unused_name, char **unused_argv)
+static void pre_jail_init_server(void)
{
TLS_SERVER_INIT_PROPS props;
const char *cert_file;
int have_server_cert;
int no_server_cert_ok;
int require_server_cert;
- int clnt_use_tls;
/*
* The code in this routine is pasted literally from smtpd(8). I am not
}
var_tlsp_use_tls = var_tlsp_use_tls || var_tlsp_enforce_tls;
if (!var_tlsp_use_tls) {
- msg_warn("TLS service is requested, but disabled with %s or %s",
+ msg_warn("TLS server role is disabled with %s or %s",
VAR_TLSP_TLS_LEVEL, VAR_TLSP_USE_TLS);
return;
}
SSL_CTX_set_mode(tlsp_server_ctx->ssl_ctx,
SSL_MODE_ENABLE_PARTIAL_WRITE
| SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
+}
+
+/* pre_jail_init_client - pre-jail initialization */
+
+static void pre_jail_init_client(void)
+{
+ int clnt_use_tls;
/*
* The cache with TLS_APPL_STATE instances for different TLS_CLIENT_INIT
msg_warn("TLS client initialization failed");
}
}
+}
+
+/* pre_jail_init - pre-jail initialization */
+
+static void pre_jail_init(char *unused_name, char **unused_argv)
+{
+
+ /*
+ * Initialize roles separately.
+ */
+ pre_jail_init_server();
+ pre_jail_init_client();
/*
* tlsp_client_init() needs to know if it is called pre-jail or
projects / thirdparty / postfix.git / commitdiff
