Ubuntu
postfix package

Merge ~lucaskanashiro/ubuntu/+source/postfix:update-to-version-3.4.13 into ubuntu/+source/postfix:ubuntu/focal-devel

  1. Git
  2. lp:~lucaskanashiro/ubuntu/+source/postfix
  3. update-to-version-3.4.13
  4. Merge into ubuntu/focal-devel
Proposed by Lucas Kanashiro
Status: Merged
Approved by: Lucas Kanashiro
Approved revision: ab70326dd83b3b987da93d56336590332eedde79
Merged at revision: ab70326dd83b3b987da93d56336590332eedde79
Proposed branch: ~lucaskanashiro/ubuntu/+source/postfix:update-to-version-3.4.13
Merge into: ubuntu/+source/postfix:ubuntu/focal-devel
Diff against target: 775 lines (+241/-87)
31 files modified
HISTORY (+81/-0)
Makefile.in (+1/-1)
README_FILES/MAILLOG_README (+1/-1)
RELEASE_NOTES (+8/-0)
conf/postfix-tls-script (+1/-1)
debian/changelog (+12/-0)
debian/patches/series (+0/-1)
dev/null (+0/-51)
html/MAILLOG_README.html (+1/-1)
html/postconf.5.html (+1/-1)
html/postfix.1.html (+1/-1)
makedefs (+14/-1)
man/man1/postfix.1 (+1/-1)
man/man5/postconf.5 (+1/-1)
proto/MAILLOG_README.html (+1/-1)
proto/postconf.proto (+1/-1)
src/dns/dns.h (+4/-0)
src/dns/dns_lookup.c (+5/-2)
src/dns/dns_str_resflags.c (+6/-0)
src/global/mail_params.c (+2/-0)
src/global/mail_params.h (+1/-1)
src/global/mail_version.h (+2/-2)
src/milter/milter.c (+5/-5)
src/postfix/postfix.c (+1/-1)
src/smtpd/smtpd_check.c (+8/-8)
src/tls/tls_bio_ops.c (+7/-0)
src/tls/tls_misc.c (+21/-0)
src/tls/tls_session.c (+1/-1)
src/tlsproxy/tlsproxy.c (+26/-4)
src/util/midna_domain.c (+26/-0)
src/util/midna_domain.h (+1/-0)
Reviewer Review Type Date Requested Status
Christian Ehrhardt  (community) Approve
Canonical Server Pending
Review via email: mp+386118@code.launchpad.net

Description of the change

Import microrelease version 3.4.13 to Focal. It will fix LP #1868955 and #1881196.

Here is a PPA with the proposed package:

https://launchpad.net/~lucaskanashiro/+archive/ubuntu/focal-postfix

autopkgtest is still happy:

autopkgtest [14:47:23]: @@@@@@@@@@@@@@@@@@@@ summary
postfix PASS

To post a comment you must log in.
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Changes look all SRUable to me.
Changelog is correct as Focal+1 already has 3.5 we don't need to be too careful on version collisions.

bug 1881196 misses an SRU template, so before you upload add something there please.

the sru template in 1868955 described 3.4.13 but since we jump 3.4.10->3.4.13 you might want to rephrase a few things like "According to upstream there are just 2 changes in this new microrelease ..." if you look at the diff to the HISTORY file you see what might be worth to mention as "being ok for this MRE SRU".

All that I found to adapt is work on bug descriptions, the MP itself LGTM

review: Approve
Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

Thanks Christian! I updated the bugs description and already uploaded the package:

$ git push pkg upload/3.4.13-0ubuntu1
Enumerating objects: 104, done.
Counting objects: 100% (104/104), done.
Delta compression using up to 8 threads
Compressing objects: 100% (47/47), done.
Writing objects: 100% (56/56), 8.29 KiB | 530.00 KiB/s, done.
Total 56 (delta 52), reused 9 (delta 9)
remote: Checking connectivity: 56, done.
To ssh://git.launchpad.net/~usd-import-team/ubuntu/+source/postfix
 * [new tag] upload/3.4.13-0ubuntu1 -> upload/3.4.13-0ubuntu1

$ dput ubuntu ../postfix_3.4.13-0ubuntu1_source.changes
Checking signature on .changes
gpg: ../postfix_3.4.13-0ubuntu1_source.changes: Valid signature from F823A2729883C97C
Checking signature on .dsc
gpg: ../postfix_3.4.13-0ubuntu1.dsc: Valid signature from F823A2729883C97C
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading postfix_3.4.13-0ubuntu1.dsc: done.
  Uploading postfix_3.4.13.orig.tar.gz: done.
  Uploading postfix_3.4.13.orig.tar.gz.asc: done.
  Uploading postfix_3.4.13-0ubuntu1.debian.tar.xz: done.
  Uploading postfix_3.4.13-0ubuntu1_source.changes: done.
Successfully uploaded packages.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/HISTORY b/HISTORY
2index 1ebf42a..fe15290 100644
3--- a/HISTORY
4+++ b/HISTORY
5@@ -24346,3 +24346,84 @@ Apologies for any names omitted.
6 multi-Milter configuration during MAIL FROM. Milter client
7 state was not properly reset after one of the Milters failed.
8 Reported by WeiYu Wu.
9+
10+20200416
11+
12+ Workaround for broken builds after an incompatible change
13+ in GCC 10. Files: makedefs, Makefile.in.
14+
15+ Workaround for broken DANE support after an incompatible
16+ change in GLIBC 2.31. This avoids the need for new options
17+ in /etc/resolv.conf. Files: dns/dns.h, dns/dns_lookup.c.
18+
19+20200419
20+
21+ Bugfix: segfault in the tlsproxy client role when the server
22+ role was disabled. This typically happens on systems that
23+ do not receive mail, after configuring connection reuse for
24+ outbound TLS. Found during program maintenance. File:
25+ tlsproxy/tlsproxy.c.
26+
27+20200420
28+
29+ Noise suppression: shut up a compiler that special-cases
30+ string literals. Viktor Dukhovni. File milter/milter.c.
31+
32+20200422
33+
34+ Security: disable DANE support on Alpine Linux because
35+ libc-musl provides no indication whether DNS responses are
36+ authentic. This broke DANE support without a clear explanation.
37+ File: makedefs.
38+
39+20200505
40+
41+ Noise suppression: shut up a compiler that special-cases
42+ string literals. Viktor Dukhovni. File smtpd/smtpd_check.c.
43+
44+20200509
45+
46+ Bugfix (introduced: Postfix 3.5): maillog_file_rotate_suffix
47+ default value used the minute instead of the month. Reported
48+ by Larry Stone. Files: conf/postfix-tls-script,
49+ proto/MAILLOG_README.html, proto/postconf.proto.
50+ global/mail_params.h, postfix/postfix.c.
51+
52+20200510
53+
54+ Bitrot: avoid U_FILE_ACCESS_ERROR after chroot(), by
55+ initializing the ICU library before making the chroot()
56+ call. Files: util/midna_domain.[hc], global/mail_params.c.
57+
58+20200511
59+
60+ Noise suppression: avoid "SSL_Shutdown:shutdown while in
61+ init" warnings. File: tls/tls_session.c.
62+
63+20200515
64+
65+ Bugfix (introduced: Postfix 2.2): a TLS error for a PostgreSQL
66+ client caused a false 'lost connection' error for an SMTP
67+ over TLS session in the same Postfix process. Reported by
68+ Alexander Vasarab, diagnosed by Viktor Dukhovni. File:
69+ tls/tls_bio_ops.c.
70+
71+ Bugfix (introduced: Postfix 2.8): a TLS error for one TLS
72+ session may cause a false 'lost connection' error for a
73+ concurrent TLS session in the same tlsproxy process. File:
74+ tlsproxy/tlsproxy.c.
75+
76+20200530
77+
78+ Bugfix (introduced: Postfix 3.1): "postfix tls deploy-server-cert"
79+ did not handle a missing optional argument. File:
80+ conf/postfix-tls-script.
81+
82+20200610
83+
84+ Bugfix (introduced: Postfix 3.4): in the Postfix SMTP server,
85+ the SNI callback reported an error when it was called a
86+ second time. This happened after the server-side TLS engine
87+ sent a TLSv1.3 HelloRetryRequest (HRR) to a remote SMTP
88+ client. Reported by Ján Máté, fixed by Viktor Dukhovni.
89+ File: tls/tls_misc.c.
90diff --git a/Makefile.in b/Makefile.in
91index fa12b04..aaab94d 100644
92--- a/Makefile.in
93+++ b/Makefile.in
94@@ -1,5 +1,5 @@
95 SHELL = /bin/sh
96-WARN = -Wmissing-prototypes -Wformat -Wno-comment
97+WARN = -Wmissing-prototypes -Wformat -Wno-comment -fcommon
98 OPTS = 'WARN=$(WARN)'
99 DIRS = src/util src/global src/dns src/tls src/xsasl src/master src/milter \
100 src/postfix src/fsstone src/smtpstone \
101diff --git a/README_FILES/MAILLOG_README b/README_FILES/MAILLOG_README
102index 5184425..cc8b097 100644
103--- a/README_FILES/MAILLOG_README
104+++ b/README_FILES/MAILLOG_README
105@@ -64,7 +64,7 @@ implements the following steps:
106
107 * Rename the current logfile by appending a suffix that contains the date and
108 time. This suffix is configured with the maillog_file_rotate_suffix
109- parameter (default: %Y%M%d-%H%M%S).
110+ parameter (default: %Y%m%d-%H%M%S).
111
112 * Reload Postfix so that postlogd(8) immediately closes the old logfile.
113
114diff --git a/RELEASE_NOTES b/RELEASE_NOTES
115index 63e8e5a..c981244 100644
116--- a/RELEASE_NOTES
117+++ b/RELEASE_NOTES
118@@ -16,6 +16,14 @@ specifies the release date of a stable release or snapshot release.
119 If you upgrade from Postfix 3.2 or earlier, read RELEASE_NOTES-3.3
120 before proceeding.
121
122+libc-musl workaround for Postfix 3.2.15, 3.3.10, 3.4.12, and 3.5.2
123+------------------------------------------------------------------
124+
125+Security: this release disables DANE support on Linux systems with
126+libc-musl, because libc-musl provides no indication whether DNS
127+responses are authentic. This broke DANE support without a clear
128+explanation.
129+
130 TLS Workaround for Postfix 3.4.6, 3.3.5, 3.2.10 and 3.1.13
131 -----------------------------------------------------------
132
133diff --git a/conf/postfix-tls-script b/conf/postfix-tls-script
134index 2c3430a..1a364b7 100644
135--- a/conf/postfix-tls-script
136+++ b/conf/postfix-tls-script
137@@ -777,7 +777,7 @@ get_cache_db_type() {
138 deploy_server_cert() {
139 certfile=$1; shift
140 keyfile=$1; shift
141- deploy=$1; shift
142+ case $# in 0) deploy=;; *) deploy=$1; shift;; esac
143
144 # Sets key_algo, key_param and cert_param
145 check_key "$keyfile" || return 1
146diff --git a/debian/changelog b/debian/changelog
147index 86e71a2..ad23036 100644
148--- a/debian/changelog
149+++ b/debian/changelog
150@@ -1,3 +1,15 @@
151+postfix (3.4.13-0ubuntu1) focal; urgency=medium
152+
153+ * New upstream release: 3.4.13
154+ - Workaround for broken DANE support after an incompatible change in
155+ GLIBC 2.31 (LP: #1868955)
156+ - Fix "postfix tls deploy-server-cert", now it handles a missing optional
157+ argument (LP: #1881196)
158+ * Drop patch 80_glibc2.30-ftbfs.diff. This patch is not needed anymore and
159+ it does not cleanly apply to this new upstream release.
160+
161+ -- Lucas Kanashiro <kanashiro@ubuntu.com> Fri, 19 Jun 2020 14:11:03 -0300
162+
163 postfix (3.4.10-1ubuntu1) focal; urgency=medium
164
165 * d/configure-instance.sh: fix typo in tls_CApath copying (LP: #1872288)
166diff --git a/debian/patches/80_glibc2.30-ftbfs.diff b/debian/patches/80_glibc2.30-ftbfs.diff
167deleted file mode 100644
168index c36baf0..0000000
169--- a/debian/patches/80_glibc2.30-ftbfs.diff
170+++ /dev/null
171@@ -1,51 +0,0 @@
172-Description: fix build with glibc 2.30
173- glibc 2.30 release notes at
174- https://savannah.gnu.org/forum/forum.php?forum_id=9515 states:
175- """
176- Support for the "inet6" option in /etc/resolv.conf and the RES_USE_INET6
177- resolver flag (deprecated in glibc 2.25) have been removed.
178- ...
179- The obsolete RES_INSECURE1 and RES_INSECURE2 option flags for the DNS stub
180- resolver have been removed from <resolv.h>.
181- """
182- And RES_AAONLY and RES_PRIMARY are already flagged as deprecated and are
183- being guarded with the same fix.
184-Origin: upstream, https://github.com/vdukhovni/postfix/commit/3274c3cea9d739f86e84b65664aabb692e37e83f#diff-777bfb681a1cd539ddc8e1e606959ffa
185-Bug: http://postfix.1071664.n5.nabble.com/build-failure-with-glibc-2-30-td102511.html
186-Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1842923
187-Last-Update: 2019-09-05
188----
189-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
190-diff --git a/postfix/src/dns/dns_str_resflags.c b/postfix/src/dns/dns_str_resflags.c
191-index 5f2cce5e..472394c3 100644
192---- a/src/dns/dns_str_resflags.c
193-+++ b/src/dns/dns_str_resflags.c
194-@@ -52,18 +52,28 @@
195- static const LONG_NAME_MASK resflag_table[] = {
196- "RES_INIT", RES_INIT,
197- "RES_DEBUG", RES_DEBUG,
198-+#ifdef RES_AAONLY
199- "RES_AAONLY", RES_AAONLY,
200-+#endif
201- "RES_USEVC", RES_USEVC,
202-+#ifdef RES_PRIMARY
203- "RES_PRIMARY", RES_PRIMARY,
204-+#endif
205- "RES_IGNTC", RES_IGNTC,
206- "RES_RECURSE", RES_RECURSE,
207- "RES_DEFNAMES", RES_DEFNAMES,
208- "RES_STAYOPEN", RES_STAYOPEN,
209- "RES_DNSRCH", RES_DNSRCH,
210-+#ifdef RES_INSECURE1
211- "RES_INSECURE1", RES_INSECURE1,
212-+#endif
213-+#ifdef RES_INSECURE2
214- "RES_INSECURE2", RES_INSECURE2,
215-+#endif
216- "RES_NOALIASES", RES_NOALIASES,
217-+#ifdef RES_USE_INET6
218- "RES_USE_INET6", RES_USE_INET6,
219-+#endif
220- #ifdef RES_ROTATE
221- "RES_ROTATE", RES_ROTATE,
222- #endif
223diff --git a/debian/patches/series b/debian/patches/series
224index 4976a63..fe67e62 100644
225--- a/debian/patches/series
226+++ b/debian/patches/series
227@@ -14,6 +14,5 @@
228 41_rmail.diff
229 50_LANG.diff
230 70_postfix-check.diff
231-80_glibc2.30-ftbfs.diff
232 tls_version.diff
233 debian-man-name.diff
234diff --git a/html/MAILLOG_README.html b/html/MAILLOG_README.html
235index b1f9702..c5b7978 100644
236--- a/html/MAILLOG_README.html
237+++ b/html/MAILLOG_README.html
238@@ -114,7 +114,7 @@ run from a terminal. This command implements the following steps:
239
240 <li> <p> Rename the current logfile by appending a suffix that
241 contains the date and time. This suffix is configured with the
242-<a href="postconf.5.html#maillog_file_rotate_suffix">maillog_file_rotate_suffix</a> parameter (default: %Y%M%d-%H%M%S). </p>
243+<a href="postconf.5.html#maillog_file_rotate_suffix">maillog_file_rotate_suffix</a> parameter (default: %Y%m%d-%H%M%S). </p>
244
245 <li> <p> Reload Postfix so that <a href="postlogd.8.html">postlogd(8)</a> immediately closes the
246 old logfile. </p>
247diff --git a/html/postconf.5.html b/html/postconf.5.html
248index cba1fac..aa94c32 100644
249--- a/html/postconf.5.html
250+++ b/html/postconf.5.html
251@@ -6284,7 +6284,7 @@ whitespace. </p>
252 </DD>
253
254 <DT><b><a name="maillog_file_rotate_suffix">maillog_file_rotate_suffix</a>
255-(default: %Y%M%d-%H%M%S)</b></DT><DD>
256+(default: %Y%m%d-%H%M%S)</b></DT><DD>
257
258 <p> The format of the suffix to append to $<a href="postconf.5.html#maillog_file">maillog_file</a> while rotating
259 the file with "postfix logrotate". See strftime(3) for syntax. The
260diff --git a/html/postfix.1.html b/html/postfix.1.html
261index 4c5c4f9..eb59ad3 100644
262--- a/html/postfix.1.html
263+++ b/html/postfix.1.html
264@@ -285,7 +285,7 @@ POSTFIX(1) POSTFIX(1)
265 <b><a href="postconf.5.html#maillog_file_prefixes">maillog_file_prefixes</a> (/var, /dev/stdout)</b>
266 A list of allowed prefixes for a <a href="postconf.5.html#maillog_file">maillog_file</a> value.
267
268- <b><a href="postconf.5.html#maillog_file_rotate_suffix">maillog_file_rotate_suffix</a> (%Y%M%d-%H%M%S)</b>
269+ <b><a href="postconf.5.html#maillog_file_rotate_suffix">maillog_file_rotate_suffix</a> (%Y%m%d-%H%M%S)</b>
270 The format of the suffix to append to $<a href="postconf.5.html#maillog_file">maillog_file</a> while rotat-
271 ing the file with "postfix logrotate".
272
273diff --git a/makedefs b/makedefs
274index 93731c2..64b42f4 100644
275--- a/makedefs
276+++ b/makedefs
277@@ -228,6 +228,19 @@ case $# in
278 *) echo usage: $0 [system release] 1>&2; exit 1;;
279 esac
280
281+case "$SYSTEM" in
282+ Linux)
283+ case "`PATH=/bin:/usr/bin ldd /bin/sh`" in
284+ *-musl-*)
285+ case "$CCARGS" in
286+ *-DNO_DNSSEC*) ;;
287+ *) echo Warning: libc-musl breaks DANE/TLSA security. 1>&2
288+ echo This build will not support DANE/TLSA. 1>&2
289+ CCARGS="$CCARGS -DNO_DNSSEC";;
290+ esac;;
291+ esac;;
292+esac
293+
294 case "$SYSTEM.$RELEASE" in
295 SCO_SV.3.2) SYSTYPE=SCO5
296 # Use the native compiler by default
297@@ -1136,7 +1149,7 @@ esac
298 : ${CC=gcc} ${OPT='-O'} ${DEBUG='-g'} ${AWK=awk} \
299 ${WARN='-Wall -Wno-comment -Wformat -Wimplicit -Wmissing-prototypes \
300 -Wparentheses -Wstrict-prototypes -Wswitch -Wuninitialized \
301- -Wunused -Wno-missing-braces'}
302+ -Wunused -Wno-missing-braces -fcommon'}
303
304 # Extract map type names from -DHAS_XXX compiler options. We avoid
305 # problems with tr(1) range syntax by using enumerations instead,
306diff --git a/man/man1/postfix.1 b/man/man1/postfix.1
307index 7a8a39c..412c0c9 100644
308--- a/man/man1/postfix.1
309+++ b/man/man1/postfix.1
310@@ -252,7 +252,7 @@ The program to run after rotating $maillog_file with "postfix
311 logrotate".
312 .IP "\fBmaillog_file_prefixes (/var, /dev/stdout)\fR"
313 A list of allowed prefixes for a maillog_file value.
314-.IP "\fBmaillog_file_rotate_suffix (%Y%M%d\-%H%M%S)\fR"
315+.IP "\fBmaillog_file_rotate_suffix (%Y%m%d\-%H%M%S)\fR"
316 The format of the suffix to append to $maillog_file while rotating
317 the file with "postfix logrotate".
318 .IP "\fBpostlog_service_name (postlog)\fR"
319diff --git a/man/man5/postconf.5 b/man/man5/postconf.5
320index fdf6b39..ccb087a 100644
321--- a/man/man5/postconf.5
322+++ b/man/man5/postconf.5
323@@ -3775,7 +3775,7 @@ mistake. Specify one or more prefix strings, separated by comma or
324 whitespace.
325 .PP
326 This feature is available in Postfix 3.4 and later.
327-.SH maillog_file_rotate_suffix (default: %Y%M%d\-%H%M%S)
328+.SH maillog_file_rotate_suffix (default: %Y%m%d\-%H%M%S)
329 The format of the suffix to append to $maillog_file while rotating
330 the file with "postfix logrotate". See \fBstrftime\fR(3) for syntax. The
331 default suffix, YYYYMMDD\-HHMMSS, allows logs to be rotated frequently.
332diff --git a/proto/MAILLOG_README.html b/proto/MAILLOG_README.html
333index 5fad103..9b56518 100644
334--- a/proto/MAILLOG_README.html
335+++ b/proto/MAILLOG_README.html
336@@ -114,7 +114,7 @@ run from a terminal. This command implements the following steps:
337
338 <li> <p> Rename the current logfile by appending a suffix that
339 contains the date and time. This suffix is configured with the
340-maillog_file_rotate_suffix parameter (default: %Y%M%d-%H%M%S). </p>
341+maillog_file_rotate_suffix parameter (default: %Y%m%d-%H%M%S). </p>
342
343 <li> <p> Reload Postfix so that postlogd(8) immediately closes the
344 old logfile. </p>
345diff --git a/proto/postconf.proto b/proto/postconf.proto
346index f29cdf6..a37fb01 100644
347--- a/proto/postconf.proto
348+++ b/proto/postconf.proto
349@@ -17611,7 +17611,7 @@ first argument. </p>
350
351 <p> This feature is available in Postfix 3.4 and later. </p>
352
353-%PARAM maillog_file_rotate_suffix %Y%M%d-%H%M%S
354+%PARAM maillog_file_rotate_suffix %Y%m%d-%H%M%S
355
356 <p> The format of the suffix to append to $maillog_file while rotating
357 the file with "postfix logrotate". See strftime(3) for syntax. The
358diff --git a/src/dns/dns.h b/src/dns/dns.h
359index f758e44..b8c4c4a 100644
360--- a/src/dns/dns.h
361+++ b/src/dns/dns.h
362@@ -59,6 +59,7 @@
363 */
364 #ifdef NO_DNSSEC
365 #undef RES_USE_DNSSEC
366+#undef RES_TRUSTAD
367 #endif
368
369 /*
370@@ -70,6 +71,9 @@
371 #ifndef RES_USE_EDNS0
372 #define RES_USE_EDNS0 0
373 #endif
374+#ifndef RES_TRUSTAD
375+#define RES_TRUSTAD 0
376+#endif
377
378 /*-
379 * TLSA: https://tools.ietf.org/html/rfc6698#section-7.1
380diff --git a/src/dns/dns_lookup.c b/src/dns/dns_lookup.c
381index 1bfeb7e..2ae6483 100644
382--- a/src/dns/dns_lookup.c
383+++ b/src/dns/dns_lookup.c
384@@ -116,6 +116,9 @@
385 /* Request DNSSEC validation. This flag is silently ignored
386 /* when the system stub resolver API, resolver(3), does not
387 /* implement DNSSEC.
388+/* Automatically turns on the RES_TRUSTAD flag on systems that
389+/* support this flag (this behavior will be more configurable
390+/* in a later release).
391 /* .RE
392 /* .IP lflags
393 /* Flags that control the operation of the dns_lookup*()
394@@ -453,10 +456,10 @@ static int dns_query(const char *name, int type, unsigned flags,
395 /*
396 * Set extra options that aren't exposed to the application.
397 */
398-#define XTRA_FLAGS (RES_USE_EDNS0)
399+#define XTRA_FLAGS (RES_USE_EDNS0 | RES_TRUSTAD)
400
401 if (flags & RES_USE_DNSSEC)
402- flags |= RES_USE_EDNS0;
403+ flags |= (RES_USE_EDNS0 | RES_TRUSTAD);
404
405 /*
406 * Save and restore resolver options that we overwrite, to avoid
407diff --git a/src/dns/dns_str_resflags.c b/src/dns/dns_str_resflags.c
408index 5f2cce5..df32345 100644
409--- a/src/dns/dns_str_resflags.c
410+++ b/src/dns/dns_str_resflags.c
411@@ -60,10 +60,16 @@ static const LONG_NAME_MASK resflag_table[] = {
412 "RES_DEFNAMES", RES_DEFNAMES,
413 "RES_STAYOPEN", RES_STAYOPEN,
414 "RES_DNSRCH", RES_DNSRCH,
415+#ifdef RES_INSECURE1
416 "RES_INSECURE1", RES_INSECURE1,
417+#endif
418+#ifdef RES_INSECURE2
419 "RES_INSECURE2", RES_INSECURE2,
420+#endif
421 "RES_NOALIASES", RES_NOALIASES,
422+#ifdef RES_USE_INET6
423 "RES_USE_INET6", RES_USE_INET6,
424+#endif
425 #ifdef RES_ROTATE
426 "RES_ROTATE", RES_ROTATE,
427 #endif
428diff --git a/src/global/mail_params.c b/src/global/mail_params.c
429index 8953fe6..4b6a058 100644
430--- a/src/global/mail_params.c
431+++ b/src/global/mail_params.c
432@@ -868,6 +868,8 @@ void mail_params_init()
433 var_smtputf8_enable = 0;
434 #else
435 midna_domain_transitional = var_idna2003_compat;
436+ if (var_smtputf8_enable)
437+ midna_domain_pre_chroot();
438 #endif
439 util_utf8_enable = var_smtputf8_enable;
440
441diff --git a/src/global/mail_params.h b/src/global/mail_params.h
442index 1f4c207..900ef51 100644
443--- a/src/global/mail_params.h
444+++ b/src/global/mail_params.h
445@@ -4178,7 +4178,7 @@ extern char *var_maillog_file_pfxs;
446 extern char *var_maillog_file_comp;
447
448 #define VAR_MAILLOG_FILE_STAMP "maillog_file_rotate_suffix"
449-#define DEF_MAILLOG_FILE_STAMP "%Y%M%d-%H%M%S"
450+#define DEF_MAILLOG_FILE_STAMP "%Y%m%d-%H%M%S"
451 extern char *var_maillog_file_stamp;
452
453 #define VAR_POSTLOG_SERVICE "postlog_service_name"
454diff --git a/src/global/mail_version.h b/src/global/mail_version.h
455index 41647d3..95afa7b 100644
456--- a/src/global/mail_version.h
457+++ b/src/global/mail_version.h
458@@ -20,8 +20,8 @@
459 * Patches change both the patchlevel and the release date. Snapshots have no
460 * patchlevel; they change the release date only.
461 */
462-#define MAIL_RELEASE_DATE "20200312"
463-#define MAIL_VERSION_NUMBER "3.4.10"
464+#define MAIL_RELEASE_DATE "20200614"
465+#define MAIL_VERSION_NUMBER "3.4.13"
466
467 #ifdef SNAPSHOT
468 #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
469diff --git a/src/milter/milter.c b/src/milter/milter.c
470index cee169c..3d71cc6 100644
471--- a/src/milter/milter.c
472+++ b/src/milter/milter.c
473@@ -620,14 +620,14 @@ void milter_disc_event(MILTERS *milters)
474 * names by skipping the redundant "milter_" prefix.
475 */
476 static ATTR_OVER_TIME time_table[] = {
477- 7 + VAR_MILT_CONN_TIME, DEF_MILT_CONN_TIME, 0, 1, 0,
478- 7 + VAR_MILT_CMD_TIME, DEF_MILT_CMD_TIME, 0, 1, 0,
479- 7 + VAR_MILT_MSG_TIME, DEF_MILT_MSG_TIME, 0, 1, 0,
480+ 7 + (const char *) VAR_MILT_CONN_TIME, DEF_MILT_CONN_TIME, 0, 1, 0,
481+ 7 + (const char *) VAR_MILT_CMD_TIME, DEF_MILT_CMD_TIME, 0, 1, 0,
482+ 7 + (const char *) VAR_MILT_MSG_TIME, DEF_MILT_MSG_TIME, 0, 1, 0,
483 0,
484 };
485 static ATTR_OVER_STR str_table[] = {
486- 7 + VAR_MILT_PROTOCOL, 0, 1, 0,
487- 7 + VAR_MILT_DEF_ACTION, 0, 1, 0,
488+ 7 + (const char *) VAR_MILT_PROTOCOL, 0, 1, 0,
489+ 7 + (const char *) VAR_MILT_DEF_ACTION, 0, 1, 0,
490 0,
491 };
492
493diff --git a/src/postfix/postfix.c b/src/postfix/postfix.c
494index f8b3de4..b2306fb 100644
495--- a/src/postfix/postfix.c
496+++ b/src/postfix/postfix.c
497@@ -242,7 +242,7 @@
498 /* logrotate".
499 /* .IP "\fBmaillog_file_prefixes (/var, /dev/stdout)\fR"
500 /* A list of allowed prefixes for a maillog_file value.
501-/* .IP "\fBmaillog_file_rotate_suffix (%Y%M%d-%H%M%S)\fR"
502+/* .IP "\fBmaillog_file_rotate_suffix (%Y%m%d-%H%M%S)\fR"
503 /* The format of the suffix to append to $maillog_file while rotating
504 /* the file with "postfix logrotate".
505 /* .IP "\fBpostlog_service_name (postlog)\fR"
506diff --git a/src/smtpd/smtpd_check.c b/src/smtpd/smtpd_check.c
507index d1caa5c..a25b401 100644
508--- a/src/smtpd/smtpd_check.c
509+++ b/src/smtpd/smtpd_check.c
510@@ -483,20 +483,20 @@ typedef struct {
511 * parameter names by skipping the redundant "smtpd_policy_service_" prefix.
512 */
513 static ATTR_OVER_TIME time_table[] = {
514- 21 + VAR_SMTPD_POLICY_TMOUT, DEF_SMTPD_POLICY_TMOUT, 0, 1, 0,
515- 21 + VAR_SMTPD_POLICY_IDLE, DEF_SMTPD_POLICY_IDLE, 0, 1, 0,
516- 21 + VAR_SMTPD_POLICY_TTL, DEF_SMTPD_POLICY_TTL, 0, 1, 0,
517- 21 + VAR_SMTPD_POLICY_TRY_DELAY, DEF_SMTPD_POLICY_TRY_DELAY, 0, 1, 0,
518+ 21 + (const char *) VAR_SMTPD_POLICY_TMOUT, DEF_SMTPD_POLICY_TMOUT, 0, 1, 0,
519+ 21 + (const char *) VAR_SMTPD_POLICY_IDLE, DEF_SMTPD_POLICY_IDLE, 0, 1, 0,
520+ 21 + (const char *) VAR_SMTPD_POLICY_TTL, DEF_SMTPD_POLICY_TTL, 0, 1, 0,
521+ 21 + (const char *) VAR_SMTPD_POLICY_TRY_DELAY, DEF_SMTPD_POLICY_TRY_DELAY, 0, 1, 0,
522 0,
523 };
524 static ATTR_OVER_INT int_table[] = {
525- 21 + VAR_SMTPD_POLICY_REQ_LIMIT, 0, 0, 0,
526- 21 + VAR_SMTPD_POLICY_TRY_LIMIT, 0, 1, 0,
527+ 21 + (const char *) VAR_SMTPD_POLICY_REQ_LIMIT, 0, 0, 0,
528+ 21 + (const char *) VAR_SMTPD_POLICY_TRY_LIMIT, 0, 1, 0,
529 0,
530 };
531 static ATTR_OVER_STR str_table[] = {
532- 21 + VAR_SMTPD_POLICY_DEF_ACTION, 0, 1, 0,
533- 21 + VAR_SMTPD_POLICY_CONTEXT, 0, 1, 0,
534+ 21 + (const char *) VAR_SMTPD_POLICY_DEF_ACTION, 0, 1, 0,
535+ 21 + (const char *) VAR_SMTPD_POLICY_CONTEXT, 0, 1, 0,
536 0,
537 };
538
539diff --git a/src/tls/tls_bio_ops.c b/src/tls/tls_bio_ops.c
540index 1f4ec41..9b66195 100644
541--- a/src/tls/tls_bio_ops.c
542+++ b/src/tls/tls_bio_ops.c
543@@ -194,6 +194,13 @@ int tls_bio(int fd, int timeout, TLS_SESS_STATE *TLScontext,
544 * handling any pending network I/O.
545 */
546 for (;;) {
547+
548+ /*
549+ * Flush the per-thread SSL error queue. Otherwise, errors from other
550+ * code that also uses TLS may confuse SSL_get_error(3).
551+ */
552+ ERR_clear_error();
553+
554 if (hsfunc)
555 status = hsfunc(TLScontext->con);
556 else if (rfunc)
557diff --git a/src/tls/tls_misc.c b/src/tls/tls_misc.c
558index 9fac444..1a1fd96 100644
559--- a/src/tls/tls_misc.c
560+++ b/src/tls/tls_misc.c
561@@ -686,6 +686,27 @@ static int server_sni_callback(SSL *ssl, int *alert, void *arg)
562 TLScontext->namaddr, sni);
563 return SSL_TLSEXT_ERR_NOACK;
564 }
565+
566+ /*
567+ * With TLS 1.3, when the client's proposed key share is not supported by
568+ * the server, the server may issue a HelloRetryRequest (HRR), and the
569+ * client will then retry with a new key share on a curve supported by
570+ * the server. This results in the SNI callback running twice for the
571+ * same connection.
572+ *
573+ * When that happens, The client MUST send the essentially the same hello
574+ * message, including the SNI name, and since we've already loaded our
575+ * certificate chain, we don't need to do it again! Therefore, if we've
576+ * already recorded the peer SNI name, just check that it has not
577+ * changed, and return success.
578+ */
579+ if (TLScontext->peer_sni) {
580+ if (strcmp(sni, TLScontext->peer_sni) == 0)
581+ return SSL_TLSEXT_ERR_OK;
582+ msg_warn("TLS SNI changed from %s initially %s, %s after hello retry",
583+ TLScontext->namaddr, TLScontext->peer_sni, sni);
584+ return SSL_TLSEXT_ERR_NOACK;
585+ }
586 do {
587 /* Don't silently skip maps opened with the wrong flags. */
588 pem = maps_file_find(tls_server_sni_maps, cp, 0);
589diff --git a/src/tls/tls_session.c b/src/tls/tls_session.c
590index 3f6027f..a4b7a8f 100644
591--- a/src/tls/tls_session.c
592+++ b/src/tls/tls_session.c
593@@ -118,7 +118,7 @@ void tls_session_stop(TLS_APPL_STATE *unused_ctx, VSTREAM *stream, int timeou
594 * so we will not perform SSL_shutdown() and the session will be removed
595 * as being bad.
596 */
597- if (!failure) {
598+ if (!failure && !SSL_in_init(TLScontext->con)) {
599 retval = tls_bio_shutdown(vstream_fileno(stream), timeout, TLScontext);
600 if (!var_tls_fast_shutdown && retval == 0)
601 tls_bio_shutdown(vstream_fileno(stream), timeout, TLScontext);
602diff --git a/src/tlsproxy/tlsproxy.c b/src/tlsproxy/tlsproxy.c
603index 50b4154..65c7201 100644
604--- a/src/tlsproxy/tlsproxy.c
605+++ b/src/tlsproxy/tlsproxy.c
606@@ -781,6 +781,7 @@ static void tlsp_strategy(TLSP_STATE *state)
607 */
608 if (state->flags & TLSP_FLAG_DO_HANDSHAKE) {
609 state->timeout = state->handshake_timeout;
610+ ERR_clear_error();
611 if (state->is_server_role)
612 ssl_stat = SSL_accept(tls_context->con);
613 else
614@@ -809,6 +810,7 @@ static void tlsp_strategy(TLSP_STATE *state)
615 if (NBBIO_ERROR_FLAGS(plaintext_buf)) {
616 if (NBBIO_ACTIVE_FLAGS(plaintext_buf))
617 nbbio_disable_readwrite(state->plaintext_buf);
618+ ERR_clear_error();
619 if (!SSL_in_init(tls_context->con)
620 && (ssl_stat = SSL_shutdown(tls_context->con)) < 0) {
621 handshake_err = SSL_get_error(tls_context->con, ssl_stat);
622@@ -835,6 +837,7 @@ static void tlsp_strategy(TLSP_STATE *state)
623 */
624 ssl_write_err = SSL_ERROR_NONE;
625 while (NBBIO_READ_PEND(plaintext_buf) > 0) {
626+ ERR_clear_error();
627 ssl_stat = SSL_write(tls_context->con, NBBIO_READ_BUF(plaintext_buf),
628 NBBIO_READ_PEND(plaintext_buf));
629 ssl_write_err = SSL_get_error(tls_context->con, ssl_stat);
630@@ -865,6 +868,7 @@ static void tlsp_strategy(TLSP_STATE *state)
631 */
632 ssl_read_err = SSL_ERROR_NONE;
633 while (NBBIO_WRITE_PEND(state->plaintext_buf) < NBBIO_BUFSIZE(plaintext_buf)) {
634+ ERR_clear_error();
635 ssl_stat = SSL_read(tls_context->con,
636 NBBIO_WRITE_BUF(plaintext_buf)
637 + NBBIO_WRITE_PEND(state->plaintext_buf),
638@@ -1489,16 +1493,15 @@ static void tlsp_service(VSTREAM *plaintext_stream,
639 TLSP_INIT_TIMEOUT, (void *) state);
640 }
641
642-/* pre_jail_init - pre-jail initialization */
643+/* pre_jail_init_server - pre-jail initialization */
644
645-static void pre_jail_init(char *unused_name, char **unused_argv)
646+static void pre_jail_init_server(void)
647 {
648 TLS_SERVER_INIT_PROPS props;
649 const char *cert_file;
650 int have_server_cert;
651 int no_server_cert_ok;
652 int require_server_cert;
653- int clnt_use_tls;
654
655 /*
656 * The code in this routine is pasted literally from smtpd(8). I am not
657@@ -1531,7 +1534,7 @@ static void pre_jail_init(char *unused_name, char **unused_argv)
658 }
659 var_tlsp_use_tls = var_tlsp_use_tls || var_tlsp_enforce_tls;
660 if (!var_tlsp_use_tls) {
661- msg_warn("TLS service is requested, but disabled with %s or %s",
662+ msg_warn("TLS server role is disabled with %s or %s",
663 VAR_TLSP_TLS_LEVEL, VAR_TLSP_USE_TLS);
664 return;
665 }
666@@ -1622,6 +1625,13 @@ static void pre_jail_init(char *unused_name, char **unused_argv)
667 SSL_CTX_set_mode(tlsp_server_ctx->ssl_ctx,
668 SSL_MODE_ENABLE_PARTIAL_WRITE
669 | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
670+}
671+
672+/* pre_jail_init_client - pre-jail initialization */
673+
674+static void pre_jail_init_client(void)
675+{
676+ int clnt_use_tls;
677
678 /*
679 * The cache with TLS_APPL_STATE instances for different TLS_CLIENT_INIT
680@@ -1733,6 +1743,18 @@ static void pre_jail_init(char *unused_name, char **unused_argv)
681 msg_warn("TLS client initialization failed");
682 }
683 }
684+}
685+
686+/* pre_jail_init - pre-jail initialization */
687+
688+static void pre_jail_init(char *unused_name, char **unused_argv)
689+{
690+
691+ /*
692+ * Initialize roles separately.
693+ */
694+ pre_jail_init_server();
695+ pre_jail_init_client();
696
697 /*
698 * tlsp_client_init() needs to know if it is called pre-jail or
699diff --git a/src/util/midna_domain.c b/src/util/midna_domain.c
700index 667e75e..333a5c9 100644
701--- a/src/util/midna_domain.c
702+++ b/src/util/midna_domain.c
703@@ -20,6 +20,8 @@
704 /*
705 /* const char *midna_domain_suffix_to_utf8(
706 /* const char *name)
707+/* AUXILIARY FUNCTIONS
708+/* void midna_domain_pre_chroot(void)
709 /* DESCRIPTION
710 /* The functions in this module transform domain names from/to
711 /* ASCII and UTF-8 form. The result is cached to avoid repeated
712@@ -52,6 +54,8 @@
713 /*
714 /* midna_domain_transitional enables transitional conversion
715 /* between UTF8 and ASCII labels.
716+/*
717+/* midna_domain_pre_chroot() does some pre-chroot initialization.
718 /* SEE ALSO
719 /* http://unicode.org/reports/tr46/ Unicode IDNA Compatibility processing
720 /* msg(3) diagnostics interface
721@@ -144,6 +148,22 @@ static const char *midna_domain_strerror(UErrorCode error, int info_errors)
722 }
723 }
724
725+/* midna_domain_pre_chroot - pre-chroot initialization */
726+
727+void midna_domain_pre_chroot(void)
728+{
729+ UErrorCode error = U_ZERO_ERROR;
730+ UIDNAInfo info = UIDNA_INFO_INITIALIZER;
731+ UIDNA *idna;
732+
733+ idna = uidna_openUTS46(midna_domain_transitional ? UIDNA_DEFAULT
734+ : UIDNA_NONTRANSITIONAL_TO_ASCII, &error);
735+ if (U_FAILURE(error))
736+ msg_warn("ICU library initialization failed: %s",
737+ midna_domain_strerror(error, info.errors));
738+ uidna_close(idna);
739+}
740+
741 /* midna_domain_to_ascii_create - convert domain to ASCII */
742
743 static void *midna_domain_to_ascii_create(const char *name, void *unused_context)
744@@ -327,6 +347,7 @@ const char *midna_domain_suffix_to_utf8(const char *name)
745 /*
746 * Test program - reads names from stdin, reports invalid names to stderr.
747 */
748+#include <unistd.h>
749 #include <stdlib.h>
750 #include <locale.h>
751
752@@ -350,6 +371,11 @@ int main(int argc, char **argv)
753 /* msg_verbose = 1; */
754 util_utf8_enable = 1;
755
756+ if (geteuid() == 0) {
757+ midna_domain_pre_chroot();
758+ if (chroot(".") != 0)
759+ msg_fatal("chroot(\".\"): %m");
760+ }
761 while (vstring_fgets_nonl(buffer, VSTREAM_IN)) {
762 bp = STR(buffer);
763 msg_info("> %s", bp);
764diff --git a/src/util/midna_domain.h b/src/util/midna_domain.h
765index 03d875b..1abe2a1 100644
766--- a/src/util/midna_domain.h
767+++ b/src/util/midna_domain.h
768@@ -18,6 +18,7 @@ extern const char *midna_domain_to_ascii(const char *);
769 extern const char *midna_domain_to_utf8(const char *);
770 extern const char *midna_domain_suffix_to_ascii(const char *);
771 extern const char *midna_domain_suffix_to_utf8(const char *);
772+extern void midna_domain_pre_chroot(void);
773
774 extern int midna_domain_cache_size;
775 extern int midna_domain_transitional;

Subscribers

People subscribed via source and target branches