From: Wietse Venema Date: Sun, 24 Nov 2019 05:00:00 +0000 (-0500) Subject: postfix-3.4.8 X-Git-Tag: v3.4.8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=58f64a74ba0f2cb8e2c475fc30dbb4e90492047b;p=thirdparty%2Fpostfix.git postfix-3.4.8 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index e9effeeee..a6f2542ef 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -24293,3 +24293,29 @@ Apologies for any names omitted. https://github.com/openssl/openssl/commit/64193c8218540499984cd63cda41f3cd491f3f59 changed the error status, incompatibly, from SSL_ERROR_NONE into SSL_ERROR_SSL. File: tlsproxy/tlsproxxy.c. + +20191014 + + Bugfix (introduced: Postfix 2.8): don't gratuitously enable + all after-220 tests when only one such test is enabled. + This made selective tests impossible with 'good' clients. + File: postscreen/postscreen_smtpd.c. + + Bugfix: the 20180903 postscreen fix for a misleading + "PIPELINING after BDAT" warning looked at the wrong variable. + The warning now says "BDAT without valid RCPT", and the + error is no longer treated as a command PIPELINING error + (but sending BDAT is still a client error, because postscreen + rejects all RCPT commands and does not announce PIPELINING + support). File: postscreen/postscreen_smtpd.c. + +20191109 + + Usability: the parser for key/certificate chain files + rejected inputs that contain an EC PARAMETERS object. While + this is technically correct (the documentation says what + types are allowed) this is surprising behavior because the + legacy cert/key parameters will accept such inputs. For + now, the parser skips object types that it does not know + about for usability, and logs a warning because ignoring + inputs is not kosher. Viktor and Wietse. File: tls/tls_certkey.c. diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 4c98887d2..a53c3d6eb 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20190921" -#define MAIL_VERSION_NUMBER "3.4.7" +#define MAIL_RELEASE_DATE "20191124" +#define MAIL_VERSION_NUMBER "3.4.8" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff --git a/postfix/src/postscreen/postscreen_smtpd.c b/postfix/src/postscreen/postscreen_smtpd.c index 78392072f..027bf3a8b 100644 --- a/postfix/src/postscreen/postscreen_smtpd.c +++ b/postfix/src/postscreen/postscreen_smtpd.c @@ -591,6 +591,8 @@ static int psc_data_cmd(PSC_STATE *state, char *args) * never see DATA from a legitimate client, because 1) the server rejects * every recipient, and 2) the server does not announce PIPELINING. */ + msg_info("DATA without valid RCPT from [%s]:%s", + PSC_CLIENT_ADDR_PORT(state)); if (PSC_SMTPD_NEXT_TOKEN(args) != 0) PSC_CLEAR_EVENT_DROP_SESSION_STATE(state, psc_smtpd_time_event, @@ -620,6 +622,8 @@ static int psc_bdat_cmd(PSC_STATE *state, char *args) * client, because 1) the server rejects every recipient, and 2) the * server does not announce PIPELINING. */ + msg_info("BDAT without valid RCPT from [%s]:%s", + PSC_CLIENT_ADDR_PORT(state)); if (state->ehlo_discard_mask & EHLO_MASK_CHUNKING) PSC_CLEAR_EVENT_DROP_SESSION_STATE(state, psc_smtpd_time_event, @@ -1033,7 +1037,7 @@ static void psc_smtpd_read_event(int event, void *context) } } /* Command PIPELINING test. */ - if ((state->flags & PSC_SMTPD_CMD_FLAG_HAS_PAYLOAD) == 0 + if ((cmdp->flags & PSC_SMTPD_CMD_FLAG_HAS_PAYLOAD) == 0 && (state->flags & PSC_STATE_MASK_PIPEL_TODO_SKIP) == PSC_STATE_FLAG_PIPEL_TODO && !PSC_SMTPD_BUFFER_EMPTY(state)) { printable(command, '?'); @@ -1172,16 +1176,18 @@ void psc_smtpd_tests(PSC_STATE *state) state->read_state = PSC_SMTPD_CMD_ST_ANY; /* - * Opportunistically make postscreen more useful by turning on the - * pipelining and non-SMTP command tests when a pre-handshake test - * failed, or when some deep test is configured as enabled. + * Disable all after-220 tests when we need to reply with 421 and hang up + * after reading the next SMTP client command. * - * XXX Make "opportunistically" configurable for each test. + * Opportunistically make postscreen more useful, by turning on all + * after-220 tests when a bad client failed a before-220 test. + * + * Otherwise, only apply the explicitly-configured after-220 tests. */ - if ((state->flags & PSC_STATE_FLAG_SMTPD_X21) == 0) { - state->flags |= PSC_STATE_MASK_SMTPD_TODO; - } else { + if (state->flags & PSC_STATE_FLAG_SMTPD_X21) { state->flags &= ~PSC_STATE_MASK_SMTPD_TODO; + } else if (state->flags & PSC_STATE_MASK_ANY_FAIL) { + state->flags |= PSC_STATE_MASK_SMTPD_TODO; } /* diff --git a/postfix/src/tls/tls_certkey.c b/postfix/src/tls/tls_certkey.c index 74b2fd1cd..3409798fe 100644 --- a/postfix/src/tls/tls_certkey.c +++ b/postfix/src/tls/tls_certkey.c @@ -413,8 +413,7 @@ static int load_pem_object(pem_load_state_t *st) && strcmp(name, PEM_STRING_DSA) == 0)) { load_pkey(st, pkey_type, buf, buflen); } else if (!st->mixed) { - msg_warn("error loading %s: unexpected PEM type: %s", st->source, name); - st->state = PEM_LOAD_STATE_NOGO; + msg_warn("loading %s: ignoring PEM type: %s", st->source, name); } OPENSSL_free(name); OPENSSL_free(header);