
Bug#941169: marked as done (stretch-pu: package postfix/3.1.12-0+deb9u1)



Your message dated Sat, 08 Feb 2020 14:23:35 +0000
with message-id <a894a0233c2d264936953d7a69507573c4a5742a.camel@adam-barratt.org.uk>
and subject line Closing bugs included in 9.12
has caused the Debian Bug report #941169,
regarding stretch-pu: package postfix/3.1.12-0+deb9u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
941169: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941169
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

As with the 3.4.7 update for buster, I'd like to update the 3.1 series
to 3.1.14 for stretch.  I have this running on multiple systems that I
haven't upgraded yet and it's working fine.  Please see the debdiff for
details.  This is mostly a subset of the 3.4.6/3.4.7 changes that apply
to 3.1.

Scott K
diff -Nru postfix-3.1.12/debian/changelog postfix-3.1.14/debian/changelog
--- postfix-3.1.12/debian/changelog	2019-03-25 01:01:51.000000000 -0400
+++ postfix-3.1.14/debian/changelog	2019-09-23 00:22:15.000000000 -0400
@@ -1,3 +1,57 @@
+postfix (3.1.14-0+deb9u1) stretch; urgency=medium
+
+  [Wietse Venema]
+
+  * 3.1.13
+    - Bugfix (introduced: Postfix 2.3): a censoring filter broke
+      multiline Milter responses for header/body events. Problem
+      report by Andreas Thienemann. Files: util/printable.c,
+      util/stringops.h, smtpd/smtpd.c
+    - Workaround for implementations that hang Postfix while
+      shutting down a TLS session, until Postfix times out. With
+      "tls_fast_shutdown_enable = yes" (the default), Postfix no
+      longer waits for the TLS peer to respond to a TLS 'close'
+      request. This is recommended with TLSv1.0 and later. Files:
+      global/mail_params.h, tls/tls_session.c, and documentation.
+    - Bugfix (introduced: Postfix 3.0): the code to reset Postfix
+      SMTP server command counts was not called after a HaProxy
+      handshake failure, causing stale numbers to be reported.
+      The command counts are now reset in the function that reports
+      the counts. File: smtpd/smtpd.c
+  * 3.1.14
+    - Bugfix: the documentation said tls_fast_shutdown_enable,
+      but the code said tls_fast_shutdown. Viktor Dukhovni. Changed
+      the code because no-one is expected to override the default.
+      File: global/mail_params.h.
+    - Workaround for poor TCP loopback performance on LINUX, where
+      getsockopt(..., TCP_MAXSEG, ..) reports a TCP maximal segment
+      size that is 1/2 to 1/3 of the MTU. For example, with kernel
+      5.1.16-300.fc30.x86_64 the TCP client and server announce
+      an mss of 65495 in the TCP handshake, but getsockopt()
+      returns 32741 (less than half). As a matter of principle,
+      Postfix won't turn on client-side TCP_NODELAY because that
+      hides application performance bugs, and because that still
+      suffers from server-side delayed ACKs. Instead, Postfix
+      avoids sending "small" writes back-to-back, by choosing a
+      VSTREAM buffer size that is a multiple of the reported MSS.
+      This workaround bumps the multiplier from 2x to 4x. File:
+      util/vstream_tweak.c.
+    - Bugfix (introduced: 20051222): the Dovecot client could
+      segfault (null pointer read) or cause an SMTP server assertion
+      to fail when talking to a fake Dovecot server. The client
+      now logs a proper error instead. Problem reported by Tim
+      Düsterhus. File: xsasl/xsasl_dovecot_server.c.
+    - Bitrot: don't invoke SSL_shutdown() when the SSL engine
+      thinks it is processing a TLS handshake. The commit at
+      https://github.com/openssl/openssl/commit/64193c8218540499984cd63cda41f3cd491f3f59
+      changed the error status, incompatibly, from SSL_ERROR_NONE
+      into SSL_ERROR_SSL. File: tlsproxy/tlsproxxy.c.
+    - Bugfix (introduced: Postfix-2.9.0): null pointer read, while
+      logging a warning after a postscreen_command_filter read
+      error. File: postscreen/postscreen_smtpd.c.
+
+ -- Scott Kitterman <scott@kitterman.com>  Mon, 23 Sep 2019 00:22:15 -0400
+
 postfix (3.1.12-0+deb9u1) stretch; urgency=medium
 
   [Scott Kitterman]
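Review bot: the 'Bitrot: don't invoke SSL_shutdown()' item cites 'File: tlsproxy/tlsproxxy.c', which misspells the file this debdiff actually touches (src/tlsproxy/tlsproxy.c); the spelling is inherited from upstream HISTORY, so it is cosmetic, but the Debian changelog is the place to correct it. More importantly for a stable update, the tls_fast_shutdown_enable item is a default behaviour change rather than a pure bug fix (new default 'yes', opt-out 'tls_fast_shutdown_enable = no' per the RELEASE_NOTES hunk), so it deserves a debian/NEWS entry and an explicit mention in the pu request text so administrators and the release team can weigh it.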
diff -Nru postfix-3.1.12/debian/patches/10_openssl_version_check.diff postfix-3.1.14/debian/patches/10_openssl_version_check.diff
--- postfix-3.1.12/debian/patches/10_openssl_version_check.diff	2019-03-25 01:01:51.000000000 -0400
+++ postfix-3.1.14/debian/patches/10_openssl_version_check.diff	2019-09-23 00:22:15.000000000 -0400
@@ -1,8 +1,8 @@
-Index: postfix-dev/src/tls/tls_misc.c
+Index: postfix/src/tls/tls_misc.c
 ===================================================================
---- postfix-dev.orig/src/tls/tls_misc.c	2019-03-25 01:13:48.562959283 -0400
-+++ postfix-dev/src/tls/tls_misc.c	2019-03-25 01:15:15.170961131 -0400
-@@ -1252,26 +1252,7 @@
+--- postfix.orig/src/tls/tls_misc.c
++++ postfix/src/tls/tls_misc.c
+@@ -1255,26 +1255,7 @@ static void tls_version_split(unsigned l
  
  void    tls_check_version(void)
  {
diff -Nru postfix-3.1.12/HISTORY postfix-3.1.14/HISTORY
--- postfix-3.1.12/HISTORY	2019-03-29 08:13:24.000000000 -0400
+++ postfix-3.1.14/HISTORY	2019-09-21 11:55:11.000000000 -0400
@@ -22490,3 +22490,72 @@
 	could exhaust LMTP server resources, resulting in two-second
 	pauses between email deliveries. This problem was investigated
 	by Juliana Rodrigueiro. File: smtp/smtp_connect.c.
+
+20190403
+
+	Bugfix (introduced: Postfix 2.3): a censoring filter broke
+	multiline Milter responses for header/body events. Problem
+	report by Andreas Thienemann. Files: util/printable.c,
+	util/stringops.h, smtpd/smtpd.c
+
+20190615
+
+	Workaround for implementations that hang Postfix while
+	shutting down a TLS session, until Postfix times out. With
+	"tls_fast_shutdown_enable = yes" (the default), Postfix no
+	longer waits for the TLS peer to respond to a TLS 'close'
+	request. This is recommended with TLSv1.0 and later. Files:
+	global/mail_params.h, tls/tls_session.c, and documentation.
+
+20190621
+
+	Bugfix (introduced: Postfix 3.0): the code to reset Postfix
+	SMTP server command counts was not called after a HaProxy
+	handshake failure, causing stale numbers to be reported.
+	The command counts are now reset in the function that reports
+	the counts. File: smtpd/smtpd.c.
+
+20190723
+
+	Bugfix: the documentation said tls_fast_shutdown_enable,
+	but the code said tls_fast_shutdown. Viktor Dukhovni. Changed
+	the code because no-one is expected to override the default.
+	File: global/mail_params.h.
+
+20190820
+
+	Workaround for poor TCP loopback performance on LINUX, where
+	getsockopt(..., TCP_MAXSEG, ..) reports a TCP maximal segment
+	size that is 1/2 to 1/3 of the MTU. For example, with kernel
+	5.1.16-300.fc30.x86_64 the TCP client and server announce
+	an mss of 65495 in the TCP handshake, but getsockopt()
+	returns 32741 (less than half). As a matter of principle,
+	Postfix won't turn on client-side TCP_NODELAY because that
+	hides application performance bugs, and because that still
+	suffers from server-side delayed ACKs. Instead, Postfix
+	avoids sending "small" writes back-to-back, by choosing a
+	VSTREAM buffer size that is a multiple of the reported MSS.
+	This workaround bumps the multiplier from 2x to 4x. File:
+	util/vstream_tweak.c.
+
+20190825
+
+	Bugfix (introduced: 20051222): the Dovecot client could
+	segfault (null pointer read) or cause an SMTP server assertion
+	to fail when talking to a fake Dovecot server. The client
+	now logs a proper error instead. Problem reported by Tim
+	Düsterhus. File: xsasl/xsasl_dovecot_server.c.
+
+20190914
+
+	Bitrot: don't invoke SSL_shutdown() when the SSL engine
+	thinks it is processing a TLS handshake. The commit at
+	https://github.com/openssl/openssl/commit/64193c8218540499984cd63cda41f3cd491f3f59
+	changed the error status, incompatibly, from SSL_ERROR_NONE
+	into SSL_ERROR_SSL. File: tlsproxy/tlsproxxy.c.
+
+20190921 (backport from Postfix >= 3.4)
+
+	Bugfix (introduced: Postfix-2.9.0): null pointer read, while
+	logging a warning after a postscreen_command_filter read
+	error. File: postscreen/postscreen_smtpd.c.
diff -Nru postfix-3.1.12/html/lmtp.8.html postfix-3.1.14/html/lmtp.8.html
--- postfix-3.1.12/html/lmtp.8.html	2016-02-13 20:09:40.000000000 -0500
+++ postfix-3.1.14/html/lmtp.8.html	2019-06-29 18:46:17.000000000 -0400
@@ -569,6 +569,12 @@
               nexthop  destination  security  level is <b>dane</b>, but the MX record
               was found via an "insecure" MX lookup.
 
+       Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13:
+
+       <b><a href="postconf.5.html#tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> (yes)</b>
+              A workaround for implementations that hang Postfix while shuting
+              down a TLS session, until Postfix times out.
+
 <b>OBSOLETE STARTTLS CONTROLS</b>
        The following configuration parameters  exist  for  compatibility  with
        Postfix  versions  before  2.3.  Support for these will be removed in a
diff -Nru postfix-3.1.12/html/postconf.5.html postfix-3.1.14/html/postconf.5.html
--- postfix-3.1.12/html/postconf.5.html	2018-11-10 19:09:43.000000000 -0500
+++ postfix-3.1.14/html/postconf.5.html	2019-06-29 09:34:14.000000000 -0400
@@ -17760,6 +17760,21 @@
 
 </DD>
 
+<DT><b><a name="tls_fast_shutdown_enable">tls_fast_shutdown_enable</a>
+(default: yes)</b></DT><DD>
+
+<p> A workaround for implementations that hang Postfix while shuting
+down a TLS session, until Postfix times out. With this enabled,
+Postfix will not wait for the remote TLS peer to respond to a TLS
+'close' notification. This behavior is recommended for TLSv1.0 and
+later. </p>
+
+<p> This feature was introduced with Postfix 3.4.6, 3.3.5, 3.2.10,
+and 3.1.13. </p>
+
+
+</DD>
+
 <DT><b><a name="tls_high_cipherlist">tls_high_cipherlist</a>
 (default: see "postconf -d" output)</b></DT><DD>
 
diff -Nru postfix-3.1.12/html/smtp.8.html postfix-3.1.14/html/smtp.8.html
--- postfix-3.1.12/html/smtp.8.html	2016-02-13 20:09:40.000000000 -0500
+++ postfix-3.1.14/html/smtp.8.html	2019-06-29 18:46:17.000000000 -0400
@@ -569,6 +569,12 @@
               nexthop  destination  security  level is <b>dane</b>, but the MX record
               was found via an "insecure" MX lookup.
 
+       Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13:
+
+       <b><a href="postconf.5.html#tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> (yes)</b>
+              A workaround for implementations that hang Postfix while shuting
+              down a TLS session, until Postfix times out.
+
 <b>OBSOLETE STARTTLS CONTROLS</b>
        The following configuration parameters  exist  for  compatibility  with
        Postfix  versions  before  2.3.  Support for these will be removed in a
diff -Nru postfix-3.1.12/html/smtpd.8.html postfix-3.1.14/html/smtpd.8.html
--- postfix-3.1.12/html/smtpd.8.html	2018-11-17 18:11:07.000000000 -0500
+++ postfix-3.1.14/html/smtpd.8.html	2019-06-29 18:48:21.000000000 -0400
@@ -559,6 +559,12 @@
        <b>aes-128-cbc)</b>
               Algorithm used to encrypt <a href="http://tools.ietf.org/html/rfc5077";>RFC5077</a> TLS session tickets.
 
+       Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13:
+
+       <b><a href="postconf.5.html#tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> (yes)</b>
+              A workaround for implementations that hang Postfix while shuting
+              down a TLS session, until Postfix times out.
+
 <b>OBSOLETE STARTTLS CONTROLS</b>
        The  following  configuration  parameters  exist for compatibility with
        Postfix versions before 2.3. Support for these will  be  removed  in  a
diff -Nru postfix-3.1.12/html/tlsproxy.8.html postfix-3.1.14/html/tlsproxy.8.html
--- postfix-3.1.12/html/tlsproxy.8.html	2018-11-04 18:05:37.000000000 -0500
+++ postfix-3.1.14/html/tlsproxy.8.html	2019-06-29 18:49:28.000000000 -0400
@@ -159,6 +159,12 @@
        <b><a href="postconf.5.html#tlsmgr_service_name">tlsmgr_service_name</a> (tlsmgr)</b>
               The name of the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> service entry in <a href="master.5.html">master.cf</a>.
 
+       Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13:
+
+       <b><a href="postconf.5.html#tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> (yes)</b>
+              A workaround for implementations that hang Postfix while shuting
+              down a TLS session, until Postfix times out.
+
 <b>OBSOLETE STARTTLS SUPPORT CONTROLS</b>
        These  parameters  are supported for compatibility with <a href="smtpd.8.html"><b>smtpd</b>(8)</a> legacy
        parameters.
diff -Nru postfix-3.1.12/man/man5/postconf.5 postfix-3.1.14/man/man5/postconf.5
--- postfix-3.1.12/man/man5/postconf.5	2018-11-10 19:09:43.000000000 -0500
+++ postfix-3.1.14/man/man5/postconf.5	2019-06-29 09:34:14.000000000 -0400
@@ -12249,6 +12249,15 @@
 encouraged to not change this setting.
 .PP
 This feature is available in Postfix 2.3 and later.
+.SH tls_fast_shutdown_enable (default: yes)
+A workaround for implementations that hang Postfix while shuting
+down a TLS session, until Postfix times out. With this enabled,
+Postfix will not wait for the remote TLS peer to respond to a TLS
+'close' notification. This behavior is recommended for TLSv1.0 and
+later.
+.PP
+This feature was introduced with Postfix 3.4.6, 3.3.5, 3.2.10,
+and 3.1.13.
 .SH tls_high_cipherlist (default: see "postconf \-d" output)
 The OpenSSL cipherlist for "high" grade ciphers. This defines
 the meaning of the "high" setting in smtpd_tls_ciphers,
diff -Nru postfix-3.1.12/man/man8/smtp.8 postfix-3.1.14/man/man8/smtp.8
--- postfix-3.1.12/man/man8/smtp.8	2016-02-13 20:09:40.000000000 -0500
+++ postfix-3.1.14/man/man8/smtp.8	2019-06-29 09:34:14.000000000 -0400
@@ -504,6 +504,11 @@
 The TLS policy for MX hosts with "secure" TLSA records when the
 nexthop destination security level is \fBdane\fR, but the MX
 record was found via an "insecure" MX lookup.
+.PP
+Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13:
+.IP "\fBtls_fast_shutdown_enable (yes)\fR"
+A workaround for implementations that hang Postfix while shuting
+down a TLS session, until Postfix times out.
 .SH "OBSOLETE STARTTLS CONTROLS"
 .na
 .nf
diff -Nru postfix-3.1.12/man/man8/smtpd.8 postfix-3.1.14/man/man8/smtpd.8
--- postfix-3.1.12/man/man8/smtpd.8	2018-11-17 18:11:07.000000000 -0500
+++ postfix-3.1.14/man/man8/smtpd.8	2019-06-29 09:34:14.000000000 -0400
@@ -502,6 +502,11 @@
 Available in Postfix version 3.0 and later:
 .IP "\fBtls_session_ticket_cipher (Postfix >= 3.0: aes\-256\-cbc, Postfix < 3.0: aes\-128\-cbc)\fR"
 Algorithm used to encrypt RFC5077 TLS session tickets.
+.PP
+Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13:
+.IP "\fBtls_fast_shutdown_enable (yes)\fR"
+A workaround for implementations that hang Postfix while shuting
+down a TLS session, until Postfix times out.
 .SH "OBSOLETE STARTTLS CONTROLS"
 .na
 .nf
diff -Nru postfix-3.1.12/man/man8/tlsproxy.8 postfix-3.1.14/man/man8/tlsproxy.8
--- postfix-3.1.12/man/man8/tlsproxy.8	2018-11-04 18:05:37.000000000 -0500
+++ postfix-3.1.14/man/man8/tlsproxy.8	2019-06-29 09:34:15.000000000 -0400
@@ -152,6 +152,11 @@
 Available in Postfix version 2.11 and later:
 .IP "\fBtlsmgr_service_name (tlsmgr)\fR"
 The name of the \fBtlsmgr\fR(8) service entry in master.cf.
+.PP
+Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13:
+.IP "\fBtls_fast_shutdown_enable (yes)\fR"
+A workaround for implementations that hang Postfix while shuting
+down a TLS session, until Postfix times out.
 .SH "OBSOLETE STARTTLS SUPPORT CONTROLS"
 .na
 .nf
diff -Nru postfix-3.1.12/mantools/postlink postfix-3.1.14/mantools/postlink
--- postfix-3.1.12/mantools/postlink	2016-02-08 17:34:51.000000000 -0500
+++ postfix-3.1.14/mantools/postlink	2019-06-25 17:20:41.000000000 -0400
@@ -748,6 +748,7 @@
     s;\btls_wildcard_matches_multiple_labels\b;<a href="postconf.5.html#tls_wildcard_matches_multiple_labels">$&</a>;g;
     s;\btls_session_ticket_cipher\b;<a href="postconf.5.html#tls_session_ticket_cipher">$&</a>;g;
     s;\btls_ssl_options\b;<a href="postconf.5.html#tls_ssl_options">$&</a>;g;
+    s;\btls_fast_shutdown_enable\b;<a href="postconf.5.html#tls_fast_shutdown_enable">$&</a>;g;
 
     s;\bfrozen_delivered_to\b;<a href="postconf.5.html#frozen_delivered_to">$&</a>;g;
     s;\breset_owner_alias\b;<a href="postconf.5.html#reset_owner_alias">$&</a>;g;
diff -Nru postfix-3.1.12/proto/postconf.proto postfix-3.1.14/proto/postconf.proto
--- postfix-3.1.12/proto/postconf.proto	2018-11-10 19:09:28.000000000 -0500
+++ postfix-3.1.14/proto/postconf.proto	2019-06-28 17:19:45.000000000 -0400
@@ -16115,6 +16115,17 @@
 
 <p> This feature is available in Postfix 3.0 and later. </p>
 
+%PARAM tls_fast_shutdown_enable yes
+
+<p> A workaround for implementations that hang Postfix while shuting
+down a TLS session, until Postfix times out. With this enabled,
+Postfix will not wait for the remote TLS peer to respond to a TLS
+'close' notification. This behavior is recommended for TLSv1.0 and
+later. </p>
+
+<p> This feature was introduced with Postfix 3.4.6, 3.3.5, 3.2.10,
+and 3.1.13. </p>
+
 %PARAM default_delivery_status_filter
 
 <p> Optional filter to replace the delivery status code or explanatory
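Review bot: 'shuting' in the first line of the new tls_fast_shutdown_enable paragraph should be 'shutting'. Because postconf.proto is the source from which the postconf(5), smtp(8), smtpd(8), lmtp(8) and tlsproxy(8) text is generated, the same misspelling is repeated in every generated man page and HTML hunk in this debdiff (only the RELEASE_NOTES hunk has it right). It is upstream wording, so a Debian patch is probably not warranted, but it is worth reporting upstream.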
diff -Nru postfix-3.1.12/README_FILES/RELEASE_NOTES postfix-3.1.14/README_FILES/RELEASE_NOTES
--- postfix-3.1.12/README_FILES/RELEASE_NOTES	2016-10-01 19:36:03.000000000 -0400
+++ postfix-3.1.14/README_FILES/RELEASE_NOTES	2019-06-27 19:38:01.000000000 -0400
@@ -16,6 +16,16 @@
 If you upgrade from Postfix 2.11 or earlier, read RELEASE_NOTES-3.0
 before proceeding.
 
+TLS Workaround for Postfix 3.4.6, 3.3.5, 3.2.10 and 3.1.13
+-----------------------------------------------------------
+
+This release introduces a workaround for implementations that hang
+Postfix while shutting down a TLS session, until Postfix times out.
+With "tls_fast_shutdown_enable = yes" (the default), Postfix no
+longer waits for a remote TLS peer to respond to a TLS 'close'
+request. This behavior is recommended with TLSv1.0 and later. Specify
+"tls_fast_shutdown_enable = no" to get historical Postfix behavior.
+
 Workaround - UTF8 support in Postfix MySQL queries
 --------------------------------------------------
 
diff -Nru postfix-3.1.12/RELEASE_NOTES postfix-3.1.14/RELEASE_NOTES
--- postfix-3.1.12/RELEASE_NOTES	2016-10-01 19:36:03.000000000 -0400
+++ postfix-3.1.14/RELEASE_NOTES	2019-06-27 19:38:01.000000000 -0400
@@ -16,6 +16,16 @@
 If you upgrade from Postfix 2.11 or earlier, read RELEASE_NOTES-3.0
 before proceeding.
 
+TLS Workaround for Postfix 3.4.6, 3.3.5, 3.2.10 and 3.1.13
+-----------------------------------------------------------
+
+This release introduces a workaround for implementations that hang
+Postfix while shutting down a TLS session, until Postfix times out.
+With "tls_fast_shutdown_enable = yes" (the default), Postfix no
+longer waits for a remote TLS peer to respond to a TLS 'close'
+request. This behavior is recommended with TLSv1.0 and later. Specify
+"tls_fast_shutdown_enable = no" to get historical Postfix behavior.
+
 Workaround - UTF8 support in Postfix MySQL queries
 --------------------------------------------------
 
diff -Nru postfix-3.1.12/src/global/mail_params.h postfix-3.1.14/src/global/mail_params.h
--- postfix-3.1.12/src/global/mail_params.h	2018-02-18 10:43:14.000000000 -0500
+++ postfix-3.1.14/src/global/mail_params.h	2019-07-23 18:46:37.000000000 -0400
@@ -3261,6 +3261,13 @@
 extern bool var_tls_dane_taa_dgst;
 
  /*
+  * The default is backwards-incompatible.
+  */
+#define VAR_TLS_FAST_SHUTDOWN	"tls_fast_shutdown_enable"
+#define DEF_TLS_FAST_SHUTDOWN	1
+extern bool var_tls_fast_shutdown;
+
+ /*
   * Sendmail-style mail filter support.
   */
 #define VAR_SMTPD_MILTERS		"smtpd_milters"
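Review bot: DEF_TLS_FAST_SHUTDOWN is 1 and the comment above it says outright that the default is backwards-incompatible, so on upgrade to 3.1.14 every stretch system stops waiting for the peer's TLS close alert unless main.cf sets tls_fast_shutdown_enable = no. That is a deliberate behaviour change shipped in a point release; it is documented in RELEASE_NOTES, but the stretch-pu request should call it out. Naming is consistent here: the main.cf string is 'tls_fast_shutdown_enable' while the C identifiers keep the shorter VAR_TLS_FAST_SHUTDOWN / var_tls_fast_shutdown, which matches the 3.1.14 changelog item about the documentation/code mismatch.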
diff -Nru postfix-3.1.12/src/global/mail_version.h postfix-3.1.14/src/global/mail_version.h
--- postfix-3.1.12/src/global/mail_version.h	2019-03-30 10:35:34.000000000 -0400
+++ postfix-3.1.14/src/global/mail_version.h	2019-09-21 12:25:29.000000000 -0400
@@ -20,8 +20,8 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20190330"
-#define MAIL_VERSION_NUMBER	"3.1.12"
+#define MAIL_RELEASE_DATE	"20190921"
+#define MAIL_VERSION_NUMBER	"3.1.14"
 
 #ifdef SNAPSHOT
 #define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
diff -Nru postfix-3.1.12/src/postscreen/postscreen_smtpd.c postfix-3.1.14/src/postscreen/postscreen_smtpd.c
--- postfix-3.1.12/src/postscreen/postscreen_smtpd.c	2014-12-06 20:35:34.000000000 -0500
+++ postfix-3.1.14/src/postscreen/postscreen_smtpd.c	2019-06-30 13:22:15.000000000 -0400
@@ -895,7 +895,8 @@
 		vstring_strcpy(state->cmd_buffer, cp);
 	    } else if (psc_cmd_filter->error != 0) {
 		msg_fatal("%s:%s lookup error for \"%.100s\"",
-			  psc_cmd_filter->type, psc_cmd_filter->name, cp);
+			  psc_cmd_filter->type, psc_cmd_filter->name,
+			  STR(state->cmd_buffer));
 	    }
 	}
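Review bot: replacing `cp` with `STR(state->cmd_buffer)` in the msg_fatal() arguments is the right fix for the 'null pointer read while logging' item. In the `psc_cmd_filter->error != 0` branch the lookup has failed, so `cp` (which on the success branch is the lookup result copied into cmd_buffer) is NULL, and formatting it with %.100s dereferences it; cmd_buffer is only overwritten in the success branch, so here it still holds the original client command and is safe to log. The message now shows the unfiltered command rather than the filter output, which is what an operator debugging a broken postscreen_command_filter table wants anyway.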
 
diff -Nru postfix-3.1.12/src/smtp/smtp.c postfix-3.1.14/src/smtp/smtp.c
--- postfix-3.1.12/src/smtp/smtp.c	2016-02-13 20:08:41.000000000 -0500
+++ postfix-3.1.14/src/smtp/smtp.c	2019-06-29 09:34:14.000000000 -0400
@@ -474,6 +474,11 @@
 /*	The TLS policy for MX hosts with "secure" TLSA records when the
 /*	nexthop destination security level is \fBdane\fR, but the MX
 /*	record was found via an "insecure" MX lookup.
+/* .PP
+/*	Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13:
+/* .IP "\fBtls_fast_shutdown_enable (yes)\fR"
+/*	A workaround for implementations that hang Postfix while shuting
+/*	down a TLS session, until Postfix times out.
 /* OBSOLETE STARTTLS CONTROLS
 /* .ad
 /* .fi
diff -Nru postfix-3.1.12/src/smtpd/smtpd.c postfix-3.1.14/src/smtpd/smtpd.c
--- postfix-3.1.12/src/smtpd/smtpd.c	2018-11-17 18:10:03.000000000 -0500
+++ postfix-3.1.14/src/smtpd/smtpd.c	2019-06-29 09:34:14.000000000 -0400
@@ -468,6 +468,11 @@
 /*	Available in Postfix version 3.0 and later:
 /* .IP "\fBtls_session_ticket_cipher (Postfix >= 3.0: aes-256-cbc, Postfix < 3.0: aes-128-cbc)\fR"
 /*	Algorithm used to encrypt RFC5077 TLS session tickets.
+/* .PP
+/*	Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13:
+/* .IP "\fBtls_fast_shutdown_enable (yes)\fR"
+/*	A workaround for implementations that hang Postfix while shuting
+/*	down a TLS session, until Postfix times out.
 /* OBSOLETE STARTTLS CONTROLS
 /* .ad
 /* .fi
@@ -3448,6 +3453,12 @@
 	    if (vstream_ferror(state->cleanup))
 		state->err = CLEANUP_STAT_WRITE;
 	}
+
+#define IS_SMTP_REJECT(s) \
+	(((s)[0] == '4' || (s)[0] == '5') \
+	 && ISDIGIT((s)[1]) && ISDIGIT((s)[2]) \
+	 && ((s)[3] == '\0' || (s)[3] == ' ' || (s)[3] == '-'))
+
 	if (state->err == CLEANUP_STAT_OK)
 	    if (rec_fputs(state->cleanup, REC_TYPE_END, "") < 0
 		|| vstream_fflush(state->cleanup))
@@ -3455,7 +3466,10 @@
 	if (state->err == 0) {
 	    why = vstring_alloc(10);
 	    state->err = mail_stream_finish(state->dest, why);
-	    printable(STR(why), ' ');
+	    if (IS_SMTP_REJECT(STR(why)))
+		printable_except(STR(why), ' ', "\r\n");
+	    else
+		printable(STR(why), ' ');
 	} else
 	    mail_stream_cleanup(state->dest);
 	state->dest = 0;
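Review bot: the relaxed censoring only applies to replies that already look like an SMTP status line: IS_SMTP_REJECT() requires a leading '4' or '5', two more digits, and then end-of-string, a space or '-' (the multiline continuation marker), and only then does printable_except() preserve CR and LF. Every other non-printable byte in such a reply, and every non-printable byte in any other reply, is still replaced with ' ', so the multiline Milter fix does not let arbitrary control characters from a Milter reach the client or the log. The macro is now defined earlier in the function so that it is visible at this use site; the old definition further down is removed in the next hunk, so there is no duplicate definition.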
@@ -3490,11 +3504,6 @@
      * 
      * See also: qmqpd.c
      */
-#define IS_SMTP_REJECT(s) \
-	(((s)[0] == '4' || (s)[0] == '5') \
-	 && ISDIGIT((s)[1]) && ISDIGIT((s)[2]) \
-	 && ((s)[3] == '\0' || (s)[3] == ' ' || (s)[3] == '-'))
-
     if (state->err == CLEANUP_STAT_OK) {
 	state->error_count = 0;
 	state->error_mask = 0;
@@ -4916,15 +4925,6 @@
     case 0:
 
 	/*
-	 * Reset the per-command counters.
-	 */
-	for (cmdp = smtpd_cmd_table; /* see below */ ; cmdp++) {
-	    cmdp->success_count = cmdp->total_count = 0;
-	    if (cmdp->name == 0)
-		break;
-	}
-
-	/*
 	 * In TLS wrapper mode, turn on TLS using code that is shared with
 	 * the STARTTLS command. This code does not return when the handshake
 	 * fails.
@@ -5314,6 +5314,15 @@
 	if (cmdp->name == 0)
 	    break;
     }
+
+    /*
+     * Reset the per-command counters.
+     */
+    for (cmdp = smtpd_cmd_table; /* see below */ ; cmdp++) {
+	cmdp->success_count = cmdp->total_count = 0;
+	if (cmdp->name == 0)
+	    break;
+    }
 
     /*
      * Log total numbers, so that logfile analyzers will see something even
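Review bot: moving the per-command counter reset out of the `case 0:` connection-setup path into the function that logs the totals means the counters are zeroed right after they are reported, so a session that ends before normal setup (the HaProxy handshake failure named in the changelog) can no longer leak its counts into the next session's report. The loop body is identical to the one removed above (walk smtpd_cmd_table until the sentinel entry with `name == 0`), so nothing changes beyond placement. The one thing to confirm is that every session exit path reaches this reporting function, since any path that skips it would now also skip the reset.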
diff -Nru postfix-3.1.12/src/tls/Makefile.in postfix-3.1.14/src/tls/Makefile.in
--- postfix-3.1.12/src/tls/Makefile.in	2015-01-27 19:13:11.000000000 -0500
+++ postfix-3.1.14/src/tls/Makefile.in	2019-06-25 17:20:41.000000000 -0400
@@ -429,6 +429,7 @@
 tls_session.o: ../../include/argv.h
 tls_session.o: ../../include/check_arg.h
 tls_session.o: ../../include/dns.h
+tls_session.o: ../../include/mail_params.h
 tls_session.o: ../../include/msg.h
 tls_session.o: ../../include/myaddrinfo.h
 tls_session.o: ../../include/mymalloc.h
diff -Nru postfix-3.1.12/src/tls/tls_misc.c postfix-3.1.14/src/tls/tls_misc.c
--- postfix-3.1.12/src/tls/tls_misc.c	2018-11-17 18:10:03.000000000 -0500
+++ postfix-3.1.14/src/tls/tls_misc.c	2019-06-25 17:20:41.000000000 -0400
@@ -44,6 +44,7 @@
 /*	char	*var_tls_mgr_service;
 /*	char	*var_tls_tkt_cipher;
 /*	char	*var_openssl_path;
+/*	bool	var_tls_fast_shutdown;
 /*
 /*	TLS_APPL_STATE *tls_alloc_app_context(ssl_ctx, log_mask)
 /*	SSL_CTX	*ssl_ctx;
@@ -283,6 +284,7 @@
 char   *var_tls_mgr_service;
 char   *var_tls_tkt_cipher;
 char   *var_openssl_path;
+bool    var_tls_fast_shutdown;
 
 #ifdef VAR_TLS_PREEMPT_CLIST
 bool    var_tls_preempt_clist;
@@ -724,6 +726,7 @@
 	VAR_TLS_DANE_TAA_DGST, DEF_TLS_DANE_TAA_DGST, &var_tls_dane_taa_dgst,
 	VAR_TLS_PREEMPT_CLIST, DEF_TLS_PREEMPT_CLIST, &var_tls_preempt_clist,
 	VAR_TLS_MULTI_WILDCARD, DEF_TLS_MULTI_WILDCARD, &var_tls_multi_wildcard,
+	VAR_TLS_FAST_SHUTDOWN, DEF_TLS_FAST_SHUTDOWN, &var_tls_fast_shutdown,
 	0,
     };
     static int init_done;
diff -Nru postfix-3.1.12/src/tls/tls_session.c postfix-3.1.14/src/tls/tls_session.c
--- postfix-3.1.12/src/tls/tls_session.c	2008-01-07 20:21:49.000000000 -0500
+++ postfix-3.1.14/src/tls/tls_session.c	2019-06-25 17:20:41.000000000 -0400
@@ -66,6 +66,10 @@
 #include <msg.h>
 #include <mymalloc.h>
 
+/* Global library. */
+
+#include <mail_params.h>
+
 /* TLS library. */
 
 #define TLS_INTERNAL
@@ -90,6 +94,18 @@
 	msg_panic("%s: stream has no active TLS context", myname);
 
     /*
+     * According to RFC 2246 (TLS 1.0), there is no requirement to wait for
+     * the peer's close-notify. If the application protocol provides
+     * sufficient session termination signaling, then there's no need to
+     * duplicate that at the TLS close-notify layer.
+     * 
+     * https://tools.ietf.org/html/rfc2246#section-7.2.1
+     * https://tools.ietf.org/html/rfc4346#section-7.2.1
+     * https://tools.ietf.org/html/rfc5246#section-7.2.1
+     * 
+     * Specify 'tls_fast_shutdown = no' to enable the historical behavior
+     * described below.
+     * 
      * Perform SSL_shutdown() twice, as the first attempt will send out the
      * shutdown alert but it will not wait for the peer's shutdown alert.
      * Therefore, when we are the first party to send the alert, we must call
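Review bot: the new comment says 'Specify tls_fast_shutdown = no', but the parameter registered in mail_params.h is tls_fast_shutdown_enable, and the 3.1.14 changelog item says the code was changed to match the documented name, so this comment is stale; a user following it would set an unknown main.cf parameter and get the default behaviour. Comment only, but worth fixing upstream together with the 'shuting' typo in the generated documentation.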
@@ -99,7 +115,7 @@
      */
     if (!failure) {
 	retval = tls_bio_shutdown(vstream_fileno(stream), timeout, TLScontext);
-	if (retval == 0)
+	if (!var_tls_fast_shutdown && retval == 0)
 	    tls_bio_shutdown(vstream_fileno(stream), timeout, TLScontext);
     }
     tls_free_context(TLScontext);
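Review bot: with var_tls_fast_shutdown set, Postfix still makes the first tls_bio_shutdown() call, which sends its own close alert; only the second call, the one that waits for the peer's alert, is skipped. So the change cannot make Postfix close a session without announcing it, it just stops Postfix from blocking (for up to `timeout`) on peers that never answer. The trade-off, stated in the new comment, is that Postfix no longer confirms whether the peer closed cleanly or the connection was cut short in between, and relies on the application protocol's own end-of-session signalling for that; for SMTP that is the accepted reading of the cited RFC 5246 section 7.2.1. The guard sits on the `retval == 0` path only, so behaviour on an error return from the first call is unchanged, and the `failure` case already skipped both calls.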
diff -Nru postfix-3.1.12/src/tlsproxy/tlsproxy.c postfix-3.1.14/src/tlsproxy/tlsproxy.c
--- postfix-3.1.12/src/tlsproxy/tlsproxy.c	2018-05-19 09:24:34.000000000 -0400
+++ postfix-3.1.14/src/tlsproxy/tlsproxy.c	2019-09-20 19:07:16.000000000 -0400
@@ -136,6 +136,11 @@
 /*	Available in Postfix version 2.11 and later:
 /* .IP "\fBtlsmgr_service_name (tlsmgr)\fR"
 /*	The name of the \fBtlsmgr\fR(8) service entry in master.cf.
+/* .PP
+/*	Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13:
+/* .IP "\fBtls_fast_shutdown_enable (yes)\fR"
+/*	A workaround for implementations that hang Postfix while shuting
+/*	down a TLS session, until Postfix times out.
 /* OBSOLETE STARTTLS SUPPORT CONTROLS
 /* .ad
 /* .fi
@@ -501,9 +506,8 @@
     if (NBBIO_ERROR_FLAGS(plaintext_buf)) {
 	if (NBBIO_ACTIVE_FLAGS(plaintext_buf))
 	    nbbio_disable_readwrite(state->plaintext_buf);
-	ssl_stat = SSL_shutdown(tls_context->con);
-	/* XXX Wait for return value 1 if sessions are to be reused? */
-	if (ssl_stat < 0) {
+	if (!SSL_in_init(tls_context->con)
+	    && (ssl_stat = SSL_shutdown(tls_context->con)) < 0) {
 	    handshake_err = SSL_get_error(tls_context->con, ssl_stat);
 	    tlsp_eval_tls_error(state, handshake_err);
 	    /* At this point, state could be a dangling pointer. */
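Review bot: the rewritten condition assigns ssl_stat only when SSL_in_init() is false, and ssl_stat is read only inside that same branch (the SSL_get_error() call), so the short-circuit does not introduce an uninitialised read. Per the changelog, the referenced openssl commit made SSL_shutdown() during a handshake report SSL_ERROR_SSL instead of SSL_ERROR_NONE, so without this guard tlsproxy would treat every such shutdown as a TLS error; not calling SSL_shutdown() at all while the engine is still handshaking is cleaner than filtering the error afterwards. The 'XXX Wait for return value 1 if sessions are to be reused?' comment was dropped along with the old code; if that question is still open, keep it next to the new call.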
diff -Nru postfix-3.1.12/src/util/printable.c postfix-3.1.14/src/util/printable.c
--- postfix-3.1.12/src/util/printable.c	2015-01-13 19:19:23.000000000 -0500
+++ postfix-3.1.14/src/util/printable.c	2019-04-10 17:30:23.000000000 -0400
@@ -11,6 +11,11 @@
 /*	char	*printable(buffer, replacement)
 /*	char	*buffer;
 /*	int	replacement;
+/*
+/*	char	*printable_except(buffer, replacement, except)
+/*	char	*buffer;
+/*	int	replacement;
+/*	const char *except;
 /* DESCRIPTION
 /*	printable() replaces non-printable characters
 /*	in its input with the given replacement.
@@ -24,6 +29,8 @@
 /* .IP replacement
 /*	Replacement value for characters in \fIbuffer\fR that do not
 /*	pass the ASCII isprint(3) test or that are not valid UTF8.
+/* .IP except
+/*	Null-terminated sequence of non-replaced ASCII characters.
 /* LICENSE
 /* .ad
 /* .fi
@@ -33,12 +40,18 @@
 /*	IBM T.J. Watson Research
 /*	P.O. Box 704
 /*	Yorktown Heights, NY 10598, USA
+/*
+/*	Wietse Venema
+/*	Google, Inc.
+/*	111 8th Avenue
+/*	New York, NY 10011, USA
 /*--*/
 
 /* System library. */
 
 #include "sys_defs.h"
 #include <ctype.h>
+#include <string.h>
 
 /* Utility library. */
 
@@ -46,8 +59,21 @@
 
 int util_utf8_enable = 0;
 
+/* printable -  binary compatibility */
+
+#undef printable
+
+char   *printable(char *, int);
+
 char   *printable(char *string, int replacement)
 {
+    return (printable_except(string, replacement, (char *) 0));
+}
+
+/* printable_except -  pass through printable or other preserved characters */
+
+char   *printable_except(char *string, int replacement, const char *except)
+{
     unsigned char *cp;
     int     ch;
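Review bot: the `#undef printable` plus the explicit prototype is required because stringops.h now turns `printable(...)` into a function-like macro expanding to printable_except(); without the #undef the definition line `char *printable(char *string, int replacement)` would itself be macro-expanded and fail to compile. Keeping a real printable() symbol preserves binary compatibility for anything already linked against the utility library, as the comment says, which is exactly what a stable update wants; newly compiled callers go through the macro. It would be slightly cleaner to keep the explicit prototype next to the macro in stringops.h, guarded the same way, so the two declarations cannot drift apart.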
 
@@ -57,7 +83,7 @@
      */
     cp = (unsigned char *) string;
     while ((ch = *cp) != 0) {
-	if (ISASCII(ch) && ISPRINT(ch)) {
+	if (ISASCII(ch) && (ISPRINT(ch) || (except && strchr(except, ch)))) {
 	    /* ok */
 	} else if (util_utf8_enable && ch >= 194 && ch <= 254
 		   && cp[1] >= 128 && cp[1] < 192) {
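Review bot: the added `strchr(except, ch)` test is safe as written: the loop condition `(ch = *cp) != 0` guarantees ch is never the NUL that strchr() would otherwise match at the terminator, and the preceding ISASCII(ch) keeps ch below 128 so the int-to-char conversion inside strchr() cannot collide with a high byte. The `except &&` short-circuit also protects the old printable() call sites, which pass `(char *) 0`. Semantically this is still an allow-list: only the ASCII characters explicitly named in `except` pass through, and every other non-printable byte is still replaced.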
diff -Nru postfix-3.1.12/src/util/stringops.h postfix-3.1.14/src/util/stringops.h
--- postfix-3.1.12/src/util/stringops.h	2015-09-13 11:36:38.000000000 -0400
+++ postfix-3.1.14/src/util/stringops.h	2019-04-10 17:22:22.000000000 -0400
@@ -20,7 +20,7 @@
   * External interface.
   */
 extern int util_utf8_enable;
-extern char *printable(char *, int);
+extern char *printable_except(char *, int, const char *);
 extern char *neuter(char *, const char *, int);
 extern char *lowercase(char *);
 extern char *casefoldx(int, VSTRING *, const char *, ssize_t);
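Review bot: dropping the `extern char *printable(char *, int);` prototype from the header means any code that includes stringops.h and calls printable() now compiles against the macro added lower in this file, which forwards to printable_except() with a NULL except list, while the real printable() symbol stays in printable.c for binary compatibility, so both old and new callers are covered. The one case that now breaks, loudly at compile time, is code that takes the address of printable() after including the header: `&printable` does not trigger a function-like macro, and the function is no longer declared, which is an acceptable failure mode.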
@@ -32,6 +32,9 @@
 extern char *mystrtokq(char **, const char *, const char *);
 extern char *translit(char *, const char *, const char *);
 
+#define printable(string, replacement) \
+	printable_except((string), (replacement), (char *) 0)
+
 #ifndef HAVE_BASENAME
 #define basename postfix_basename
 extern char *basename(const char *);
@@ -85,6 +88,11 @@
 /*	IBM T.J. Watson Research
 /*	P.O. Box 704
 /*	Yorktown Heights, NY 10598, USA
+/*
+/*	Wietse Venema
+/*	Google, Inc.
+/*	111 8th Avenue
+/*	New York, NY 10011, USA
 /*--*/
 
 #endif
diff -Nru postfix-3.1.12/src/util/vstream_tweak.c postfix-3.1.14/src/util/vstream_tweak.c
--- postfix-3.1.12/src/util/vstream_tweak.c	2014-12-25 11:47:17.000000000 -0500
+++ postfix-3.1.14/src/util/vstream_tweak.c	2019-09-08 10:36:14.000000000 -0400
@@ -124,12 +124,20 @@
      * stream buffer size to less than VSTREAM_BUFSIZE, when the request is
      * made before the first stream read or write operation. We don't want to
      * reduce the buffer size.
+     * 
+     * As of 20190820 we increase the mss size multipler from 2x to 4x, because
+     * some LINUX loopback TCP stacks report an MSS of 21845 which is 3x
+     * smaller than the MTU of 65536. Even with a VSTREAM buffer 2x the
+     * reported MSS size, performance would suck due to Nagle or delayed ACK
+     * delays.
      */
 #define EFF_BUFFER_SIZE(fp) (vstream_req_bufsize(fp) ? \
 		vstream_req_bufsize(fp) : VSTREAM_BUFSIZE)
 
 #ifdef CA_VSTREAM_CTL_BUFSIZE
-    if (mss > EFF_BUFFER_SIZE(fp) / 2) {
+    if (mss > EFF_BUFFER_SIZE(fp) / 4) {
+	if (mss < INT_MAX / 2)
+	    mss *= 2;
 	if (mss < INT_MAX / 2)
 	    mss *= 2;
 	vstream_control(fp,
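Review bot: the threshold and the multiplier change together (`/ 2` becomes `/ 4`, and a second guarded `mss *= 2` is added), which matches the changelog's 'bumps the multiplier from 2x to 4x', and repeating the `mss < INT_MAX / 2` check before each doubling keeps the arithmetic overflow-safe. Two minor points: the comment's example MSS (21845, '3x smaller than the MTU of 65536') differs from the changelog's (32741, 'less than half'); both fit the '1/2 to 1/3' claim but a reader comparing them will wonder which was observed. And 'multipler' should be 'multiplier'.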
diff -Nru postfix-3.1.12/src/xsasl/xsasl_dovecot_server.c postfix-3.1.14/src/xsasl/xsasl_dovecot_server.c
--- postfix-3.1.12/src/xsasl/xsasl_dovecot_server.c	2016-01-23 19:50:54.000000000 -0500
+++ postfix-3.1.14/src/xsasl/xsasl_dovecot_server.c	2019-08-27 03:35:11.000000000 -0400
@@ -584,10 +584,20 @@
 	    if (xsasl_dovecot_parse_reply(server, &line) == 0) {
 		/* authentication successful */
 		xsasl_dovecot_parse_reply_args(server, line, reply, 1);
+		if (server->username == 0) {
+		    msg_warn("missing Dovecot server %s username field", cmd);
+		    vstring_strcpy(reply, "Authentication backend error");
+		    return XSASL_AUTH_FAIL;
+		}
 		return XSASL_AUTH_DONE;
 	    }
 	} else if (strcmp(cmd, "CONT") == 0) {
 	    if (xsasl_dovecot_parse_reply(server, &line) == 0) {
+		if (line == 0) {
+		    msg_warn("missing Dovecot server %s reply field", cmd);
+		    vstring_strcpy(reply, "Authentication backend error");
+		    return XSASL_AUTH_FAIL;
+		}
 		vstring_strcpy(reply, line);
 		return XSASL_AUTH_MORE;
 	    }
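Review bot: both new checks turn a NULL dereference driven by whatever answers on the Dovecot auth socket into a logged XSASL_AUTH_FAIL, which is the right severity: msg_warn() keeps the smtpd process serving, and the client only sees the fixed string 'Authentication backend error' rather than anything echoed from the backend. The check in the OK branch is placed after xsasl_dovecot_parse_reply_args(), so a reply that omits the username field can no longer be returned as XSASL_AUTH_DONE with server->username unset; the CONT branch guards vstring_strcpy(reply, line) against a missing continuation field. This covers the segfault and the assertion failure from the changelog, and it fails closed (authentication is refused, not granted).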

--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 9.12

Hi,

Each of the uploads referred to by these bugs was included in today's
oldstable point release.

Regards,

Adam

--- End Message ---
