Prereq: "3.3.9" diff -ur --new-file /var/tmp/postfix-3.3.9/src/global/mail_version.h ./src/global/mail_version.h --- /var/tmp/postfix-3.3.9/src/global/mail_version.h 2020-04-18 11:39:21.000000000 -0400 +++ ./src/global/mail_version.h 2020-05-16 12:11:23.000000000 -0400 @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20200418" -#define MAIL_VERSION_NUMBER "3.3.9" +#define MAIL_RELEASE_DATE "20200516" +#define MAIL_VERSION_NUMBER "3.3.10" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -ur --new-file /var/tmp/postfix-3.3.9/HISTORY ./HISTORY --- /var/tmp/postfix-3.3.9/HISTORY 2020-04-18 13:45:19.000000000 -0400 +++ ./HISTORY 2020-05-16 16:25:00.000000000 -0400 @@ -23569,3 +23569,44 @@ Bitrot: LINUX5, GLIBC resolver flags. Files: makedefs, util/sys_defs.h, dns/dns_str_resflags.c. + +20200420 + + Noise suppression: shut up a compiler that special-cases + string literals. Viktor Dukhovni. File milter/milter.c. + +20200422 + + Security: disable DANE support on Alpine Linux because + libc-musl provides no indication whether DNS responses are + authentic. This broke DANE support without a clear explanation. + File: makedefs. + +20200505 + + Noise suppression: shut up a compiler that special-cases + string literals. Viktor Dukhovni. File smtpd/smtpd_check.c. + +20200510 + + Bitrot: avoid U_FILE_ACCESS_ERROR after chroot(), by + initializing the ICU library before making the chroot() + call. Files: util/midna_domain.[hc], global/mail_params.c. + +20200511 + + Noise suppression: avoid "SSL_Shutdown:shutdown while in + init" warnings. File: tls/tls_session.c. + +20200515 + + Bugfix (introduced: Postfix 2.2): a TLS error for a PostgreSQL + client caused a false 'lost connection' error for an SMTP + over TLS session in the same Postfix process. Reported by + Alexander Vasarab, diagnosed by Viktor Dukhovni. File: + tls/tls_bio_ops.c. + + Bugfix (introduced: Postfix 2.8): a TLS error for one TLS + session may cause a false 'lost connection' error for a + concurrent TLS session in the same tlsproxy process. File: + tlsproxy/tlsproxy.c. diff -ur --new-file /var/tmp/postfix-3.3.9/RELEASE_NOTES ./RELEASE_NOTES --- /var/tmp/postfix-3.3.9/RELEASE_NOTES 2019-06-27 19:19:11.000000000 -0400 +++ ./RELEASE_NOTES 2020-05-16 17:20:10.000000000 -0400 @@ -16,6 +16,14 @@ If you upgrade from Postfix 3.1 or earlier, read RELEASE_NOTES-3.2 before proceeding. +libc-musl workaround for Postfix 3.2.15, 3.3.10, 3.4.12, and 3.5.2 +------------------------------------------------------------------ + +Security: this release disables DANE support on Linux systems with +libc-musl, because libc-musl provides no indication whether DNS +responses are authentic. This broke DANE support without a clear +explanation. + TLS Workaround for Postfix 3.4.6, 3.3.5, 3.2.10 and 3.1.13 ----------------------------------------------------------- diff -ur --new-file /var/tmp/postfix-3.3.9/makedefs ./makedefs --- /var/tmp/postfix-3.3.9/makedefs 2020-04-18 13:13:16.000000000 -0400 +++ ./makedefs 2020-05-06 10:10:36.000000000 -0400 @@ -226,6 +226,19 @@ *) echo usage: $0 [system release] 1>&2; exit 1;; esac +case "$SYSTEM" in + Linux) + case "`PATH=/bin:/usr/bin ldd /bin/sh`" in + *-musl-*) + case "$CCARGS" in + *-DNO_DNSSEC*) ;; + *) echo Warning: libc-musl breaks DANE/TLSA security. 1>&2 + echo This build will not support DANE/TLSA. 1>&2 + CCARGS="$CCARGS -DNO_DNSSEC";; + esac;; + esac;; +esac + case "$SYSTEM.$RELEASE" in SCO_SV.3.2) SYSTYPE=SCO5 # Use the native compiler by default diff -ur --new-file /var/tmp/postfix-3.3.9/src/global/mail_params.c ./src/global/mail_params.c --- /var/tmp/postfix-3.3.9/src/global/mail_params.c 2018-01-13 09:22:49.000000000 -0500 +++ ./src/global/mail_params.c 2020-05-12 19:19:35.000000000 -0400 @@ -851,6 +851,8 @@ var_smtputf8_enable = 0; #else midna_domain_transitional = var_idna2003_compat; + if (var_smtputf8_enable) + midna_domain_pre_chroot(); #endif util_utf8_enable = var_smtputf8_enable; diff -ur --new-file /var/tmp/postfix-3.3.9/src/milter/milter.c ./src/milter/milter.c --- /var/tmp/postfix-3.3.9/src/milter/milter.c 2020-02-02 12:40:19.000000000 -0500 +++ ./src/milter/milter.c 2020-04-20 18:14:22.000000000 -0400 @@ -620,14 +620,14 @@ * names by skipping the redundant "milter_" prefix. */ static ATTR_OVER_TIME time_table[] = { - 7 + VAR_MILT_CONN_TIME, DEF_MILT_CONN_TIME, 0, 1, 0, - 7 + VAR_MILT_CMD_TIME, DEF_MILT_CMD_TIME, 0, 1, 0, - 7 + VAR_MILT_MSG_TIME, DEF_MILT_MSG_TIME, 0, 1, 0, + 7 + (const char *) VAR_MILT_CONN_TIME, DEF_MILT_CONN_TIME, 0, 1, 0, + 7 + (const char *) VAR_MILT_CMD_TIME, DEF_MILT_CMD_TIME, 0, 1, 0, + 7 + (const char *) VAR_MILT_MSG_TIME, DEF_MILT_MSG_TIME, 0, 1, 0, 0, }; static ATTR_OVER_STR str_table[] = { - 7 + VAR_MILT_PROTOCOL, 0, 1, 0, - 7 + VAR_MILT_DEF_ACTION, 0, 1, 0, + 7 + (const char *) VAR_MILT_PROTOCOL, 0, 1, 0, + 7 + (const char *) VAR_MILT_DEF_ACTION, 0, 1, 0, 0, }; diff -ur --new-file /var/tmp/postfix-3.3.9/src/smtpd/smtpd_check.c ./src/smtpd/smtpd_check.c --- /var/tmp/postfix-3.3.9/src/smtpd/smtpd_check.c 2019-03-30 08:01:12.000000000 -0400 +++ ./src/smtpd/smtpd_check.c 2020-05-05 18:33:25.000000000 -0400 @@ -483,20 +483,20 @@ * parameter names by skipping the redundant "smtpd_policy_service_" prefix. */ static ATTR_OVER_TIME time_table[] = { - 21 + VAR_SMTPD_POLICY_TMOUT, DEF_SMTPD_POLICY_TMOUT, 0, 1, 0, - 21 + VAR_SMTPD_POLICY_IDLE, DEF_SMTPD_POLICY_IDLE, 0, 1, 0, - 21 + VAR_SMTPD_POLICY_TTL, DEF_SMTPD_POLICY_TTL, 0, 1, 0, - 21 + VAR_SMTPD_POLICY_TRY_DELAY, DEF_SMTPD_POLICY_TRY_DELAY, 0, 1, 0, + 21 + (const char *) VAR_SMTPD_POLICY_TMOUT, DEF_SMTPD_POLICY_TMOUT, 0, 1, 0, + 21 + (const char *) VAR_SMTPD_POLICY_IDLE, DEF_SMTPD_POLICY_IDLE, 0, 1, 0, + 21 + (const char *) VAR_SMTPD_POLICY_TTL, DEF_SMTPD_POLICY_TTL, 0, 1, 0, + 21 + (const char *) VAR_SMTPD_POLICY_TRY_DELAY, DEF_SMTPD_POLICY_TRY_DELAY, 0, 1, 0, 0, }; static ATTR_OVER_INT int_table[] = { - 21 + VAR_SMTPD_POLICY_REQ_LIMIT, 0, 0, 0, - 21 + VAR_SMTPD_POLICY_TRY_LIMIT, 0, 1, 0, + 21 + (const char *) VAR_SMTPD_POLICY_REQ_LIMIT, 0, 0, 0, + 21 + (const char *) VAR_SMTPD_POLICY_TRY_LIMIT, 0, 1, 0, 0, }; static ATTR_OVER_STR str_table[] = { - 21 + VAR_SMTPD_POLICY_DEF_ACTION, 0, 1, 0, - 21 + VAR_SMTPD_POLICY_CONTEXT, 0, 1, 0, + 21 + (const char *) VAR_SMTPD_POLICY_DEF_ACTION, 0, 1, 0, + 21 + (const char *) VAR_SMTPD_POLICY_CONTEXT, 0, 1, 0, 0, }; diff -ur --new-file /var/tmp/postfix-3.3.9/src/tls/tls_bio_ops.c ./src/tls/tls_bio_ops.c --- /var/tmp/postfix-3.3.9/src/tls/tls_bio_ops.c 2013-05-30 08:45:03.000000000 -0400 +++ ./src/tls/tls_bio_ops.c 2020-05-16 12:03:03.000000000 -0400 @@ -194,6 +194,13 @@ * handling any pending network I/O. */ for (;;) { + + /* + * Flush the per-thread SSL error queue. Otherwise, errors from other + * code that also uses TLS may confuse SSL_get_error(3). + */ + ERR_clear_error(); + if (hsfunc) status = hsfunc(TLScontext->con); else if (rfunc) diff -ur --new-file /var/tmp/postfix-3.3.9/src/tls/tls_session.c ./src/tls/tls_session.c --- /var/tmp/postfix-3.3.9/src/tls/tls_session.c 2019-06-25 08:34:24.000000000 -0400 +++ ./src/tls/tls_session.c 2020-05-12 19:18:42.000000000 -0400 @@ -113,7 +113,7 @@ * so we will not perform SSL_shutdown() and the session will be removed * as being bad. */ - if (!failure) { + if (!failure && !SSL_in_init(TLScontext->con)) { retval = tls_bio_shutdown(vstream_fileno(stream), timeout, TLScontext); if (!var_tls_fast_shutdown && retval == 0) tls_bio_shutdown(vstream_fileno(stream), timeout, TLScontext); diff -ur --new-file /var/tmp/postfix-3.3.9/src/tlsproxy/tlsproxy.c ./src/tlsproxy/tlsproxy.c --- /var/tmp/postfix-3.3.9/src/tlsproxy/tlsproxy.c 2019-09-20 19:14:49.000000000 -0400 +++ ./src/tlsproxy/tlsproxy.c 2020-05-16 12:03:56.000000000 -0400 @@ -476,6 +476,7 @@ * pending read/write and timeout event requests. */ if (state->flags & TLSP_FLAG_DO_HANDSHAKE) { + ERR_clear_error(); ssl_stat = SSL_accept(tls_context->con); if (ssl_stat != 1) { handshake_err = SSL_get_error(tls_context->con, ssl_stat); @@ -510,6 +511,7 @@ if (NBBIO_ERROR_FLAGS(plaintext_buf)) { if (NBBIO_ACTIVE_FLAGS(plaintext_buf)) nbbio_disable_readwrite(state->plaintext_buf); + ERR_clear_error(); if (!SSL_in_init(tls_context->con) && (ssl_stat = SSL_shutdown(tls_context->con)) < 0) { handshake_err = SSL_get_error(tls_context->con, ssl_stat); @@ -536,6 +538,7 @@ */ ssl_write_err = SSL_ERROR_NONE; while (NBBIO_READ_PEND(plaintext_buf) > 0) { + ERR_clear_error(); ssl_stat = SSL_write(tls_context->con, NBBIO_READ_BUF(plaintext_buf), NBBIO_READ_PEND(plaintext_buf)); ssl_write_err = SSL_get_error(tls_context->con, ssl_stat); @@ -566,6 +569,7 @@ */ ssl_read_err = SSL_ERROR_NONE; while (NBBIO_WRITE_PEND(state->plaintext_buf) < NBBIO_BUFSIZE(plaintext_buf)) { + ERR_clear_error(); ssl_stat = SSL_read(tls_context->con, NBBIO_WRITE_BUF(plaintext_buf) + NBBIO_WRITE_PEND(state->plaintext_buf), diff -ur --new-file /var/tmp/postfix-3.3.9/src/util/midna_domain.c ./src/util/midna_domain.c --- /var/tmp/postfix-3.3.9/src/util/midna_domain.c 2016-12-04 12:40:19.000000000 -0500 +++ ./src/util/midna_domain.c 2020-05-12 19:19:35.000000000 -0400 @@ -20,6 +20,8 @@ /* /* const char *midna_domain_suffix_to_utf8( /* const char *name) +/* AUXILIARY FUNCTIONS +/* void midna_domain_pre_chroot(void) /* DESCRIPTION /* The functions in this module transform domain names from/to /* ASCII and UTF-8 form. The result is cached to avoid repeated @@ -52,6 +54,8 @@ /* /* midna_domain_transitional enables transitional conversion /* between UTF8 and ASCII labels. +/* +/* midna_domain_pre_chroot() does some pre-chroot initialization. /* SEE ALSO /* http://unicode.org/reports/tr46/ Unicode IDNA Compatibility processing /* msg(3) diagnostics interface @@ -144,6 +148,22 @@ } } +/* midna_domain_pre_chroot - pre-chroot initialization */ + +void midna_domain_pre_chroot(void) +{ + UErrorCode error = U_ZERO_ERROR; + UIDNAInfo info = UIDNA_INFO_INITIALIZER; + UIDNA *idna; + + idna = uidna_openUTS46(midna_domain_transitional ? UIDNA_DEFAULT + : UIDNA_NONTRANSITIONAL_TO_ASCII, &error); + if (U_FAILURE(error)) + msg_warn("ICU library initialization failed: %s", + midna_domain_strerror(error, info.errors)); + uidna_close(idna); +} + /* midna_domain_to_ascii_create - convert domain to ASCII */ static void *midna_domain_to_ascii_create(const char *name, void *unused_context) @@ -327,6 +347,7 @@ /* * Test program - reads names from stdin, reports invalid names to stderr. */ +#include #include #include @@ -350,6 +371,11 @@ /* msg_verbose = 1; */ util_utf8_enable = 1; + if (geteuid() == 0) { + midna_domain_pre_chroot(); + if (chroot(".") != 0) + msg_fatal("chroot(\".\"): %m"); + } while (vstring_fgets_nonl(buffer, VSTREAM_IN)) { bp = STR(buffer); msg_info("> %s", bp); diff -ur --new-file /var/tmp/postfix-3.3.9/src/util/midna_domain.h ./src/util/midna_domain.h --- /var/tmp/postfix-3.3.9/src/util/midna_domain.h 2016-11-05 18:38:56.000000000 -0400 +++ ./src/util/midna_domain.h 2020-05-12 19:19:35.000000000 -0400 @@ -18,6 +18,7 @@ extern const char *midna_domain_to_utf8(const char *); extern const char *midna_domain_suffix_to_ascii(const char *); extern const char *midna_domain_suffix_to_utf8(const char *); +extern void midna_domain_pre_chroot(void); extern int midna_domain_cache_size; extern int midna_domain_transitional;