From: Wietse Venema Date: Mon, 9 Oct 2017 05:00:00 +0000 (-0500) Subject: postfix-3.3-20171009 X-Git-Tag: v3.3.0-RC1~12 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a2bafb0f08c187e294fbbe5909a5625bc605dcc2;p=thirdparty%2Fpostfix.git postfix-3.3-20171009 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index c4b0f4b56..09f3a9354 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -23144,7 +23144,7 @@ Apologies for any names omitted. Safety: restore sanity checks for dynamically-specified width and precision in format strings (%*, %.*, and %*.*). - These checks were lost with the Postfix 3.2.2 rewrite of + These checks were lost with the Postfix 3.2 rewrite of the vbuf_print formatter. File: vbuf_print.c. Bugfix (introduced: postfix-alpha): improve the 'fatal: @@ -23156,5 +23156,18 @@ Apologies for any names omitted. Bugfix (introduced: Postfix 3.2): panic in the postqueue command after output write error while listing the queue. This change restores a write error check that was lost with - the Postfix 3.2.2 rewrite of the vbuf_print formatter. + the Postfix 3.2 rewrite of the vbuf_print formatter. Problem reported by Andreas Schulze. File: util/vbuf_print.c. + +20170924 + + Cleanup: terminate early after output write error. Files: + showq/show_compat.c, showq/show_json.c. + +20171009 + + Bugfix (introduced: Postfix 3.1): DANE support. Postfix + builds with OpenSSL 1.0.0 or 1.0.1 failed to send email to + some sites with "TLSA 2 X X" records associated with an + intermediate CA certificate. Problem report and initial + fix by Erwan Legrand. File: src/tls/tls_dane.c. diff --git a/postfix/WISHLIST b/postfix/WISHLIST index f0e3a4eed..9ad62021d 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST @@ -6,9 +6,15 @@ Wish list: Disable -DSNAPSHOT and -DNONPROD in makedefs. + After I/O error, store errno in VSTREAM object before errno + may be overwritten. + Add postwhite as a postscreen-related project. https://github.com/stevejenkins/postwhite/blob/master/README.md + Document postsrsd and postforward for srs-ifying. Would + more fine-grained smtp_generic_maps support help? + Decide whether to deprecate database configuration pathnames that start with ".", for example, ldap:./file/name. These forms are documented for ldap:, memcache:, mysql:, pgsql:, and sqlite: diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 5c308bad2..5e38bd06c 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -12665,7 +12665,7 @@ server certificate must match the TLSA records. fingerprint +
fingerprint
Certificate fingerprint verification. Available with Postfix 2.5 and later. At this security level, there are no trusted Certification Authorities. The certificate @@ -12936,7 +12936,7 @@ TLSA authentication is required. There is no fallback to "may" or (DANE) TLS authentication is available with Postfix 2.11 and later.
-
fingerprint
+
fingerprint
Certificate fingerprint verification. At this security level, there are no trusted Certification Authorities. The certificate trust chain, expiration date, etc., are diff --git a/postfix/html/postqueue.1.html b/postfix/html/postqueue.1.html index 258cc8d69..15ad7fea2 100644 --- a/postfix/html/postqueue.1.html +++ b/postfix/html/postqueue.1.html @@ -169,7 +169,7 @@ POSTQUEUE(1) POSTQUEUE(1) alternate_config_directories (empty) A list of non-default Postfix configuration directories that may be specified with "-c config_directory" on the command line (in - the case of sendmail(1), with "-C config_directory"), or via the + the case of sendmail(1), with the "-C" option), or via the MAIL_CONFIG environment parameter. config_directory (see 'postconf -d' output) @@ -184,8 +184,9 @@ POSTQUEUE(1) POSTQUEUE(1) tion logfiles with mail that is queued to those destinations. import_environment (see 'postconf -d' output) - The list of environment parameters that a Postfix process will - import from a non-Postfix parent process. + The list of environment parameters that a privileged Postfix + process will import from a non-Postfix parent process, or + name=value environment overrides. queue_directory (see 'postconf -d' output) The location of the Postfix top-level queue directory. @@ -194,11 +195,11 @@ POSTQUEUE(1) POSTQUEUE(1) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - A prefix that is prepended to the process name in syslog + A prefix that is prepended to the process name in syslog records, so that, for example, "smtpd" becomes "prefix/smtpd". trigger_timeout (10s) - The time limit for sending a trigger to a Postfix daemon (for + The time limit for sending a trigger to a Postfix daemon (for example, the pickup(8) or qmgr(8) daemon). Available in Postfix version 2.2 and later: diff --git a/postfix/man/man1/postqueue.1 b/postfix/man/man1/postqueue.1 index 9a3da4167..7d70dafe3 100644 --- a/postfix/man/man1/postqueue.1 +++ b/postfix/man/man1/postqueue.1 @@ -181,7 +181,7 @@ The text below provides only a parameter summary. See .IP "\fBalternate_config_directories (empty)\fR" A list of non\-default Postfix configuration directories that may be specified with "\-c config_directory" on the command line (in the -case of \fBsendmail\fR(1), with "\-C config_directory"), or via the MAIL_CONFIG +case of \fBsendmail\fR(1), with the "\-C" option), or via the MAIL_CONFIG environment parameter. .IP "\fBconfig_directory (see 'postconf -d' output)\fR" The default location of the Postfix main.cf and master.cf @@ -192,8 +192,9 @@ The location of all postfix administrative commands. Optional list of destinations that are eligible for per\-destination logfiles with mail that is queued to those destinations. .IP "\fBimport_environment (see 'postconf -d' output)\fR" -The list of environment parameters that a Postfix process will -import from a non\-Postfix parent process. +The list of environment parameters that a privileged Postfix +process will import from a non\-Postfix parent process, or name=value +environment overrides. .IP "\fBqueue_directory (see 'postconf -d' output)\fR" The location of the Postfix top\-level queue directory. .IP "\fBsyslog_facility (mail)\fR" diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index b5c8957c8..3a73e6205 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -11066,7 +11066,7 @@ server certificate must match the TLSA records. RFC 7672 (DANE) TLS authentication and DNSSEC support is available with Postfix 2.11 and later.
-
fingerprint
+
fingerprint
Certificate fingerprint verification. Available with Postfix 2.5 and later. At this security level, there are no trusted Certification Authorities. The certificate @@ -11465,7 +11465,7 @@ TLSA authentication is required. There is no fallback to "may" or (DANE) TLS authentication is available with Postfix 2.11 and later.
-
fingerprint
+
fingerprint
Certificate fingerprint verification. At this security level, there are no trusted Certification Authorities. The certificate trust chain, expiration date, etc., are diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index c7370a1ad..7cc70aed7 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20170924" +#define MAIL_RELEASE_DATE "20171009" #define MAIL_VERSION_NUMBER "3.3" #ifdef SNAPSHOT diff --git a/postfix/src/postqueue/postqueue.c b/postfix/src/postqueue/postqueue.c index 29f0a9c5f..f18fb4739 100644 --- a/postfix/src/postqueue/postqueue.c +++ b/postfix/src/postqueue/postqueue.c @@ -163,7 +163,7 @@ /* .IP "\fBalternate_config_directories (empty)\fR" /* A list of non-default Postfix configuration directories that may /* be specified with "-c config_directory" on the command line (in the -/* case of \fBsendmail\fR(1), with "-C config_directory"), or via the MAIL_CONFIG +/* case of \fBsendmail\fR(1), with the "-C" option), or via the MAIL_CONFIG /* environment parameter. /* .IP "\fBconfig_directory (see 'postconf -d' output)\fR" /* The default location of the Postfix main.cf and master.cf @@ -174,8 +174,9 @@ /* Optional list of destinations that are eligible for per-destination /* logfiles with mail that is queued to those destinations. /* .IP "\fBimport_environment (see 'postconf -d' output)\fR" -/* The list of environment parameters that a Postfix process will -/* import from a non-Postfix parent process. +/* The list of environment parameters that a privileged Postfix +/* process will import from a non-Postfix parent process, or name=value +/* environment overrides. /* .IP "\fBqueue_directory (see 'postconf -d' output)\fR" /* The location of the Postfix top-level queue directory. /* .IP "\fBsyslog_facility (mail)\fR" diff --git a/postfix/src/postqueue/showq_compat.c b/postfix/src/postqueue/showq_compat.c index 7899b1eef..c1868e1a4 100644 --- a/postfix/src/postqueue/showq_compat.c +++ b/postfix/src/postqueue/showq_compat.c @@ -36,6 +36,7 @@ #include #include #include +#include /* Utility library. */ @@ -190,7 +191,11 @@ void showq_compat(VSTREAM *showq_stream) } queue_size += showq_message(showq_stream); file_count++; - vstream_fflush(VSTREAM_OUT); + if (vstream_fflush(VSTREAM_OUT)) { + if (errno != EPIPE) + msg_fatal_status(EX_IOERR, "output write error: %m"); + return; + } } if (showq_status < 0) msg_fatal_status(EX_SOFTWARE, "malformed showq server response"); @@ -205,5 +210,6 @@ void showq_compat(VSTREAM *showq_stream) queue_size / 1024, file_count, file_count == 1 ? "" : "s"); } - vstream_fflush(VSTREAM_OUT); + if (vstream_fflush(VSTREAM_OUT) && errno != EPIPE) + msg_fatal_status(EX_IOERR, "output write error: %m"); } diff --git a/postfix/src/postqueue/showq_json.c b/postfix/src/postqueue/showq_json.c index 407d441ba..67fbada4a 100644 --- a/postfix/src/postqueue/showq_json.c +++ b/postfix/src/postqueue/showq_json.c @@ -34,6 +34,7 @@ #include #include #include +#include /* Utility library. */ @@ -167,7 +168,7 @@ static void format_json(VSTREAM *showq_stream) json_quote(quote_buf, STR(addr))); /* - Read zero or more (recipient, reason) pair(s) until attr_scan_more() + * Read zero or more (recipient, reason) pair(s) until attr_scan_more() * consumes a terminator. If the showq daemon messes up, don't try to * resynchronize. */ @@ -192,7 +193,8 @@ static void format_json(VSTREAM *showq_stream) if (showq_status < 0) msg_fatal_status(EX_SOFTWARE, "malformed showq server response"); vstream_printf("}\n"); - vstream_fflush(VSTREAM_OUT); + if (vstream_fflush(VSTREAM_OUT) && errno != EPIPE) + msg_fatal_status(EX_IOERR, "output write error: %m"); } /* showq_json - streaming JSON-format output adapter */ @@ -202,10 +204,11 @@ void showq_json(VSTREAM *showq_stream) int showq_status; /* - * Emit zero or more queue file objects until attr_scan_more() - * consumes a terminator. + * Emit zero or more queue file objects until attr_scan_more() consumes a + * terminator. */ - while ((showq_status = attr_scan_more(showq_stream)) > 0) { + while ((showq_status = attr_scan_more(showq_stream)) > 0 + && vstream_ferror(VSTREAM_OUT) == 0) { format_json(showq_stream); } if (showq_status < 0) diff --git a/postfix/src/tls/tls_dane.c b/postfix/src/tls/tls_dane.c index df4e68542..8ec61379b 100644 --- a/postfix/src/tls/tls_dane.c +++ b/postfix/src/tls/tls_dane.c @@ -1450,7 +1450,7 @@ static X509_NAME *akid_issuer_name(AUTHORITY_KEYID *akid) /* set_issuer - set issuer DN to match akid if specified */ -static int set_issuer_name(X509 *cert, AUTHORITY_KEYID *akid) +static int set_issuer_name(X509 *cert, AUTHORITY_KEYID *akid, X509_NAME *subj) { X509_NAME *name = akid_issuer_name(akid); @@ -1460,7 +1460,7 @@ static int set_issuer_name(X509 *cert, AUTHORITY_KEYID *akid) */ if (name) return (X509_set_issuer_name(cert, name)); - return (X509_set_issuer_name(cert, X509_get_subject_name(cert))); + return (X509_set_issuer_name(cert, subj)); } /* grow_chain - add certificate to trusted or untrusted chain */ @@ -1522,7 +1522,7 @@ static void wrap_key(TLS_SESS_STATE *TLScontext, int depth, */ if (!X509_set_version(cert, 2) || !set_serial(cert, akid, subject) - || !set_issuer_name(cert, akid) + || !set_issuer_name(cert, akid, name) || !X509_gmtime_adj(X509_getm_notBefore(cert), -30 * 86400L) || !X509_gmtime_adj(X509_getm_notAfter(cert), 30 * 86400L) || !X509_set_subject_name(cert, name) @@ -1798,6 +1798,10 @@ void tls_dane_set_callback(SSL_CTX *ctx, TLS_SESS_STATE *TLScontext) #include #include +#if OPENSSL_VERSION_NUMBER < 0x10002000L +#define SSL_get0_param(s) ((s)->param) +#endif + static int verify_chain(SSL *ssl, x509_stack_t *chain, TLS_SESS_STATE *tctx) { int ret;