Tech debt: restructured initialization of $service_name.
Also enforced that Postfix daemons ignore $process_name and
$service_name parameter settings in main.cf or master.cf
- (parameters are read-only). Files: master/dgram_server.c,
- master/event_server.c, master/multi_server.c,
- master/single_server.c, master/trigger_server.c,
- postconf/postconf_builtin.c.
+ (parameters are read-only). Files: global/mail_params.c,
+ master/dgram_server.c, master/event_server.c,
+ master/multi_server.c, master/single_server.c,
+ master/trigger_server.c, postconf/postconf_builtin.c.
20260508
- Claude AI findings, bought to our attention by Robert Sayre.
+ Claude AI findings, brought to our attention by Robert Sayre.
Deleted an obsolete __MAXINT__ definition (util/timecmp.c);
fixed a signed integer overshift operation (util/vstring.h).
Files: proto/PTEST_README.html, ptest/ptest_log.c,
ptest/ptest_log_test.c, ptest/ptest_run.c.
+20260509
+
+ Bitrot fixes: deprecation warning with OpenSSL 4.0
+ (tls/tls_dane.c); race condition fix in a test script
+ (tls/dls_dane.sh). Viktor Dukhovni.
+
+20260510
+
+ Bugfix (defect introduced: 20260507): unterminated comment
+ caused missing initializations, crashing postscreen with a
+ null pointer while handling a STARTTLS request. Report by
+ Florian Piekert, fix by Viktor Dukhovni with Claude AI.
+ Files: master/dgram_server.c, master/event_server.c,
+ master/multi_server.c, master/single_server.c,
+ src/master/trigger_server.c.
+
TODO
Reorganize PTEST_LIB, PMOCK_LIB, TESTLIB, TESTLIBS, etc.
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20260508"
+#define MAIL_RELEASE_DATE "20260510"
#define MAIL_VERSION_NUMBER "3.12"
#ifdef SNAPSHOT
break;
}
}
- /* Read-only parameters must not be changed with '-o name=value'.
+ /* Read-only parameters must not be changed with '-o name=value'. */
set_mail_conf_str(VAR_PROCNAME, var_procname);
- var_servname = mystrdup(servname);
+ var_servname = mystrdup(service_name);
set_mail_conf_str(VAR_SERVNAME, var_servname);
/*
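Review bot: Nothing in this fix keeps the defect from recurring: the same comment-plus-three-statements sequence is repeated verbatim in this hunk and the four that follow, and an unterminated `/*` above it silently compiles away both the `$process_name`/`$service_name` overrides and the `var_servname` initialization. Because the line after these statements opens another `/*`, gcc and clang report this pattern under `-Wcomment` (part of `-Wall`), so making that warning fatal in the build would have caught it. The `servname` to `service_name` correction suggests the swallowed lines had never been compiled. Consider moving the sequence into one shared helper so the five server skeletons cannot drift, and, if these calls do sit right after the option-parsing loop as the preceding `break; } }` suggests, say so in the comment, e.g. `/* Must stay after -o processing so these values override any -o setting. */`. The enclosing function begins and ends outside the hunk.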
break;
}
}
- /* Read-only parameters must not be changed with '-o name=value'.
+ /* Read-only parameters must not be changed with '-o name=value'. */
set_mail_conf_str(VAR_PROCNAME, var_procname);
- var_servname = mystrdup(servname);
+ var_servname = mystrdup(service_name);
set_mail_conf_str(VAR_SERVNAME, var_servname);
/*
break;
}
}
- /* Read-only parameters must not be changed with '-o name=value'.
+ /* Read-only parameters must not be changed with '-o name=value'. */
set_mail_conf_str(VAR_PROCNAME, var_procname);
- var_servname = mystrdup(servname);
+ var_servname = mystrdup(service_name);
set_mail_conf_str(VAR_SERVNAME, var_servname);
/*
break;
}
}
- /* Read-only parameters must not be changed with '-o name=value'.
+ /* Read-only parameters must not be changed with '-o name=value'. */
set_mail_conf_str(VAR_PROCNAME, var_procname);
- var_servname = mystrdup(servname);
+ var_servname = mystrdup(service_name);
set_mail_conf_str(VAR_SERVNAME, var_servname);
/*
break;
}
}
- /* Read-only parameters must not be changed with '-o name=value'.
+ /* Read-only parameters must not be changed with '-o name=value'. */
set_mail_conf_str(VAR_PROCNAME, var_procname);
- var_servname = mystrdup(servname);
+ var_servname = mystrdup(service_name);
set_mail_conf_str(VAR_SERVNAME, var_servname);
/*
SSL_dane_set_flags(tctx->con, DANE_FLAG_NO_DANE_EE_NAMECHECKS);
SSL_dane_set_flags(tctx->con, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
for (i = 7; i < argc; ++i)
- if (!SSL_add1_host(tctx->con, argv[i]))
+ if (!TLS_ADD1_HOST(tctx->con, argv[i]))
msg_fatal("error adding hostname: %s", argv[i]);
load_tlsa_args(tctx->con, argv);
SSL_set_connect_state(tctx->con);
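Review bot: The context line `SSL_dane_set_flags(tctx->con, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);` passes a hostname-check flag to the DANE flags setter, so partial-wildcard matching is probably not being disabled for the names added by the changed loop. It looks like `SSL_set_hostflags(tctx->con, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);` was intended. The definition of `TLS_ADD1_HOST` is not in this hunk; since the call site still tests `!TLS_ADD1_HOST(...)`, the macro has to keep the nonzero-on-success, 0-on-failure convention of `SSL_add1_host`, and a one-line comment at its definition stating that would help. The enclosing function starts and ends outside the hunk.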
local akid=$1; shift
exts=$(printf "%s\n%s\n%s\n" "$skid" "$akid" "basicConstraints = CA:true")
+ key "$key"
req "$key" "$cn" |
cert "$cert" "$exts" -signkey "${key}.pem" -set_serial 1 -days 30
}
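Review bot: The added `key "$key"` call has its exit status ignored here and in the four later hunks that add the same line. Unless the script runs under `set -e` (not visible in these hunks), a failed key generation would let `req`/`cert` continue against a missing or stale `${key}.pem`, and the test would then fail for an unrelated-looking reason. Writing it as `key "$key" || return 1` keeps the failure at its source. The function body starts outside the hunk, so any existing error handling above `local akid=$1` is not visible.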
local cakey=$1; shift
exts=$(printf "%s\n%s\n%s\n" "$skid" "$akid" "basicConstraints = CA:true")
+ key "$key"
req "$key" "$cn" |
cert "$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \
-set_serial 2 -days 30 "$@"
"basicConstraints = CA:false" \
"extendedKeyUsage = serverAuth" \
"subjectAltName = @alts" "DNS=${cn}")
+ key "$key"
req "$key" "$cn" |
cert "$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \
-set_serial 2 -days 30 "$@"
"basicConstraints = CA:true" \
"extendedKeyUsage = serverAuth" \
"subjectAltName = @alts" "DNS=${cn}")
+ key "$key"
req "$key" "$cn" |
cert "$cert" "$exts" -set_serial 1 -days 30 -signkey "${key}.pem" "$@"
}
local key=$1; shift
local cert=$1; shift
+ key "$key"
req_nocn "$key" |
- cert "$cert" "" -signkey "${key}.pem" -set_serial 1 -days -1 "$@"
+ cert "$cert" "" -signkey "${key}.pem" -set_serial 1 -days 0 "$@"
}
runtest() {