Rename the current logfile by appending a suffix that contains the date and time. This suffix is configured with the -maillog_file_rotate_suffix parameter (default: %Y%M%d-%H%M%S).
+maillog_file_rotate_suffix parameter (default: %Y%m%d-%H%M%S).Reload Postfix so that postlogd(8) immediately closes the old logfile.
diff -ur --new-file /var/tmp/postfix-3.4.11/html/postconf.5.html ./html/postconf.5.html --- /var/tmp/postfix-3.4.11/html/postconf.5.html 2019-06-29 09:33:39.000000000 -0400 +++ ./html/postconf.5.html 2020-05-09 16:21:56.000000000 -0400 @@ -6284,7 +6284,7 @@The format of the suffix to append to $maillog_file while rotating the file with "postfix logrotate". See strftime(3) for syntax. The diff -ur --new-file /var/tmp/postfix-3.4.11/html/postfix.1.html ./html/postfix.1.html --- /var/tmp/postfix-3.4.11/html/postfix.1.html 2019-02-01 07:23:33.000000000 -0500 +++ ./html/postfix.1.html 2020-05-09 16:21:56.000000000 -0400 @@ -285,7 +285,7 @@ maillog_file_prefixes (/var, /dev/stdout) A list of allowed prefixes for a maillog_file value. - maillog_file_rotate_suffix (%Y%M%d-%H%M%S) + maillog_file_rotate_suffix (%Y%m%d-%H%M%S) The format of the suffix to append to $maillog_file while rotat- ing the file with "postfix logrotate". diff -ur --new-file /var/tmp/postfix-3.4.11/makedefs ./makedefs --- /var/tmp/postfix-3.4.11/makedefs 2020-04-18 11:22:53.000000000 -0400 +++ ./makedefs 2020-05-06 10:10:41.000000000 -0400 @@ -228,6 +228,19 @@ *) echo usage: $0 [system release] 1>&2; exit 1;; esac +case "$SYSTEM" in + Linux) + case "`PATH=/bin:/usr/bin ldd /bin/sh`" in + *-musl-*) + case "$CCARGS" in + *-DNO_DNSSEC*) ;; + *) echo Warning: libc-musl breaks DANE/TLSA security. 1>&2 + echo This build will not support DANE/TLSA. 1>&2 + CCARGS="$CCARGS -DNO_DNSSEC";; + esac;; + esac;; +esac + case "$SYSTEM.$RELEASE" in SCO_SV.3.2) SYSTYPE=SCO5 # Use the native compiler by default diff -ur --new-file /var/tmp/postfix-3.4.11/man/man1/postfix.1 ./man/man1/postfix.1 --- /var/tmp/postfix-3.4.11/man/man1/postfix.1 2019-02-01 07:23:32.000000000 -0500 +++ ./man/man1/postfix.1 2020-05-12 19:29:36.000000000 -0400 @@ -252,7 +252,7 @@ logrotate". .IP "\fBmaillog_file_prefixes (/var, /dev/stdout)\fR" A list of allowed prefixes for a maillog_file value. -.IP "\fBmaillog_file_rotate_suffix (%Y%M%d\-%H%M%S)\fR" +.IP "\fBmaillog_file_rotate_suffix (%Y%m%d\-%H%M%S)\fR" The format of the suffix to append to $maillog_file while rotating the file with "postfix logrotate". .IP "\fBpostlog_service_name (postlog)\fR" diff -ur --new-file /var/tmp/postfix-3.4.11/man/man5/postconf.5 ./man/man5/postconf.5 --- /var/tmp/postfix-3.4.11/man/man5/postconf.5 2019-06-29 09:33:39.000000000 -0400 +++ ./man/man5/postconf.5 2020-05-12 19:29:36.000000000 -0400 @@ -3775,7 +3775,7 @@ whitespace. .PP This feature is available in Postfix 3.4 and later. -.SH maillog_file_rotate_suffix (default: %Y%M%d\-%H%M%S) +.SH maillog_file_rotate_suffix (default: %Y%m%d\-%H%M%S) The format of the suffix to append to $maillog_file while rotating the file with "postfix logrotate". See \fBstrftime\fR(3) for syntax. The default suffix, YYYYMMDD\-HHMMSS, allows logs to be rotated frequently. diff -ur --new-file /var/tmp/postfix-3.4.11/proto/MAILLOG_README.html ./proto/MAILLOG_README.html --- /var/tmp/postfix-3.4.11/proto/MAILLOG_README.html 2019-02-03 16:26:05.000000000 -0500 +++ ./proto/MAILLOG_README.html 2020-05-09 16:21:56.000000000 -0400 @@ -114,7 +114,7 @@
Rename the current logfile by appending a suffix that contains the date and time. This suffix is configured with the -maillog_file_rotate_suffix parameter (default: %Y%M%d-%H%M%S).
+maillog_file_rotate_suffix parameter (default: %Y%m%d-%H%M%S).Reload Postfix so that postlogd(8) immediately closes the old logfile.
diff -ur --new-file /var/tmp/postfix-3.4.11/proto/postconf.proto ./proto/postconf.proto --- /var/tmp/postfix-3.4.11/proto/postconf.proto 2019-06-28 17:19:58.000000000 -0400 +++ ./proto/postconf.proto 2020-05-09 16:21:56.000000000 -0400 @@ -17611,7 +17611,7 @@This feature is available in Postfix 3.4 and later.
-%PARAM maillog_file_rotate_suffix %Y%M%d-%H%M%S +%PARAM maillog_file_rotate_suffix %Y%m%d-%H%M%S The format of the suffix to append to $maillog_file while rotating
the file with "postfix logrotate". See strftime(3) for syntax. The
diff -ur --new-file /var/tmp/postfix-3.4.11/src/global/mail_params.c ./src/global/mail_params.c
--- /var/tmp/postfix-3.4.11/src/global/mail_params.c 2019-01-31 17:34:41.000000000 -0500
+++ ./src/global/mail_params.c 2020-05-12 19:15:37.000000000 -0400
@@ -868,6 +868,8 @@
var_smtputf8_enable = 0;
#else
midna_domain_transitional = var_idna2003_compat;
+ if (var_smtputf8_enable)
+ midna_domain_pre_chroot();
#endif
util_utf8_enable = var_smtputf8_enable;
diff -ur --new-file /var/tmp/postfix-3.4.11/src/global/mail_params.h ./src/global/mail_params.h
--- /var/tmp/postfix-3.4.11/src/global/mail_params.h 2019-07-23 18:46:37.000000000 -0400
+++ ./src/global/mail_params.h 2020-05-09 16:21:56.000000000 -0400
@@ -4178,7 +4178,7 @@
extern char *var_maillog_file_comp;
#define VAR_MAILLOG_FILE_STAMP "maillog_file_rotate_suffix"
-#define DEF_MAILLOG_FILE_STAMP "%Y%M%d-%H%M%S"
+#define DEF_MAILLOG_FILE_STAMP "%Y%m%d-%H%M%S"
extern char *var_maillog_file_stamp;
#define VAR_POSTLOG_SERVICE "postlog_service_name"
diff -ur --new-file /var/tmp/postfix-3.4.11/src/milter/milter.c ./src/milter/milter.c
--- /var/tmp/postfix-3.4.11/src/milter/milter.c 2020-02-02 12:37:46.000000000 -0500
+++ ./src/milter/milter.c 2020-04-20 18:14:22.000000000 -0400
@@ -620,14 +620,14 @@
* names by skipping the redundant "milter_" prefix.
*/
static ATTR_OVER_TIME time_table[] = {
- 7 + VAR_MILT_CONN_TIME, DEF_MILT_CONN_TIME, 0, 1, 0,
- 7 + VAR_MILT_CMD_TIME, DEF_MILT_CMD_TIME, 0, 1, 0,
- 7 + VAR_MILT_MSG_TIME, DEF_MILT_MSG_TIME, 0, 1, 0,
+ 7 + (const char *) VAR_MILT_CONN_TIME, DEF_MILT_CONN_TIME, 0, 1, 0,
+ 7 + (const char *) VAR_MILT_CMD_TIME, DEF_MILT_CMD_TIME, 0, 1, 0,
+ 7 + (const char *) VAR_MILT_MSG_TIME, DEF_MILT_MSG_TIME, 0, 1, 0,
0,
};
static ATTR_OVER_STR str_table[] = {
- 7 + VAR_MILT_PROTOCOL, 0, 1, 0,
- 7 + VAR_MILT_DEF_ACTION, 0, 1, 0,
+ 7 + (const char *) VAR_MILT_PROTOCOL, 0, 1, 0,
+ 7 + (const char *) VAR_MILT_DEF_ACTION, 0, 1, 0,
0,
};
diff -ur --new-file /var/tmp/postfix-3.4.11/src/postfix/postfix.c ./src/postfix/postfix.c
--- /var/tmp/postfix-3.4.11/src/postfix/postfix.c 2019-02-01 07:23:22.000000000 -0500
+++ ./src/postfix/postfix.c 2020-05-09 16:21:56.000000000 -0400
@@ -242,7 +242,7 @@
/* logrotate".
/* .IP "\fBmaillog_file_prefixes (/var, /dev/stdout)\fR"
/* A list of allowed prefixes for a maillog_file value.
-/* .IP "\fBmaillog_file_rotate_suffix (%Y%M%d-%H%M%S)\fR"
+/* .IP "\fBmaillog_file_rotate_suffix (%Y%m%d-%H%M%S)\fR"
/* The format of the suffix to append to $maillog_file while rotating
/* the file with "postfix logrotate".
/* .IP "\fBpostlog_service_name (postlog)\fR"
diff -ur --new-file /var/tmp/postfix-3.4.11/src/smtpd/smtpd_check.c ./src/smtpd/smtpd_check.c
--- /var/tmp/postfix-3.4.11/src/smtpd/smtpd_check.c 2019-03-12 08:28:20.000000000 -0400
+++ ./src/smtpd/smtpd_check.c 2020-05-05 18:34:05.000000000 -0400
@@ -483,20 +483,20 @@
* parameter names by skipping the redundant "smtpd_policy_service_" prefix.
*/
static ATTR_OVER_TIME time_table[] = {
- 21 + VAR_SMTPD_POLICY_TMOUT, DEF_SMTPD_POLICY_TMOUT, 0, 1, 0,
- 21 + VAR_SMTPD_POLICY_IDLE, DEF_SMTPD_POLICY_IDLE, 0, 1, 0,
- 21 + VAR_SMTPD_POLICY_TTL, DEF_SMTPD_POLICY_TTL, 0, 1, 0,
- 21 + VAR_SMTPD_POLICY_TRY_DELAY, DEF_SMTPD_POLICY_TRY_DELAY, 0, 1, 0,
+ 21 + (const char *) VAR_SMTPD_POLICY_TMOUT, DEF_SMTPD_POLICY_TMOUT, 0, 1, 0,
+ 21 + (const char *) VAR_SMTPD_POLICY_IDLE, DEF_SMTPD_POLICY_IDLE, 0, 1, 0,
+ 21 + (const char *) VAR_SMTPD_POLICY_TTL, DEF_SMTPD_POLICY_TTL, 0, 1, 0,
+ 21 + (const char *) VAR_SMTPD_POLICY_TRY_DELAY, DEF_SMTPD_POLICY_TRY_DELAY, 0, 1, 0,
0,
};
static ATTR_OVER_INT int_table[] = {
- 21 + VAR_SMTPD_POLICY_REQ_LIMIT, 0, 0, 0,
- 21 + VAR_SMTPD_POLICY_TRY_LIMIT, 0, 1, 0,
+ 21 + (const char *) VAR_SMTPD_POLICY_REQ_LIMIT, 0, 0, 0,
+ 21 + (const char *) VAR_SMTPD_POLICY_TRY_LIMIT, 0, 1, 0,
0,
};
static ATTR_OVER_STR str_table[] = {
- 21 + VAR_SMTPD_POLICY_DEF_ACTION, 0, 1, 0,
- 21 + VAR_SMTPD_POLICY_CONTEXT, 0, 1, 0,
+ 21 + (const char *) VAR_SMTPD_POLICY_DEF_ACTION, 0, 1, 0,
+ 21 + (const char *) VAR_SMTPD_POLICY_CONTEXT, 0, 1, 0,
0,
};
diff -ur --new-file /var/tmp/postfix-3.4.11/src/tls/tls_bio_ops.c ./src/tls/tls_bio_ops.c
--- /var/tmp/postfix-3.4.11/src/tls/tls_bio_ops.c 2013-05-30 08:45:03.000000000 -0400
+++ ./src/tls/tls_bio_ops.c 2020-05-16 11:48:08.000000000 -0400
@@ -194,6 +194,13 @@
* handling any pending network I/O.
*/
for (;;) {
+
+ /*
+ * Flush the per-thread SSL error queue. Otherwise, errors from other
+ * code that also uses TLS may confuse SSL_get_error(3).
+ */
+ ERR_clear_error();
+
if (hsfunc)
status = hsfunc(TLScontext->con);
else if (rfunc)
diff -ur --new-file /var/tmp/postfix-3.4.11/src/tls/tls_session.c ./src/tls/tls_session.c
--- /var/tmp/postfix-3.4.11/src/tls/tls_session.c 2019-06-25 08:05:54.000000000 -0400
+++ ./src/tls/tls_session.c 2020-05-12 19:17:34.000000000 -0400
@@ -118,7 +118,7 @@
* so we will not perform SSL_shutdown() and the session will be removed
* as being bad.
*/
- if (!failure) {
+ if (!failure && !SSL_in_init(TLScontext->con)) {
retval = tls_bio_shutdown(vstream_fileno(stream), timeout, TLScontext);
if (!var_tls_fast_shutdown && retval == 0)
tls_bio_shutdown(vstream_fileno(stream), timeout, TLScontext);
diff -ur --new-file /var/tmp/postfix-3.4.11/src/tlsproxy/tlsproxy.c ./src/tlsproxy/tlsproxy.c
--- /var/tmp/postfix-3.4.11/src/tlsproxy/tlsproxy.c 2019-09-14 18:43:05.000000000 -0400
+++ ./src/tlsproxy/tlsproxy.c 2020-05-16 11:49:04.000000000 -0400
@@ -781,6 +781,7 @@
*/
if (state->flags & TLSP_FLAG_DO_HANDSHAKE) {
state->timeout = state->handshake_timeout;
+ ERR_clear_error();
if (state->is_server_role)
ssl_stat = SSL_accept(tls_context->con);
else
@@ -809,6 +810,7 @@
if (NBBIO_ERROR_FLAGS(plaintext_buf)) {
if (NBBIO_ACTIVE_FLAGS(plaintext_buf))
nbbio_disable_readwrite(state->plaintext_buf);
+ ERR_clear_error();
if (!SSL_in_init(tls_context->con)
&& (ssl_stat = SSL_shutdown(tls_context->con)) < 0) {
handshake_err = SSL_get_error(tls_context->con, ssl_stat);
@@ -835,6 +837,7 @@
*/
ssl_write_err = SSL_ERROR_NONE;
while (NBBIO_READ_PEND(plaintext_buf) > 0) {
+ ERR_clear_error();
ssl_stat = SSL_write(tls_context->con, NBBIO_READ_BUF(plaintext_buf),
NBBIO_READ_PEND(plaintext_buf));
ssl_write_err = SSL_get_error(tls_context->con, ssl_stat);
@@ -865,6 +868,7 @@
*/
ssl_read_err = SSL_ERROR_NONE;
while (NBBIO_WRITE_PEND(state->plaintext_buf) < NBBIO_BUFSIZE(plaintext_buf)) {
+ ERR_clear_error();
ssl_stat = SSL_read(tls_context->con,
NBBIO_WRITE_BUF(plaintext_buf)
+ NBBIO_WRITE_PEND(state->plaintext_buf),
@@ -1489,16 +1493,15 @@
TLSP_INIT_TIMEOUT, (void *) state);
}
-/* pre_jail_init - pre-jail initialization */
+/* pre_jail_init_server - pre-jail initialization */
-static void pre_jail_init(char *unused_name, char **unused_argv)
+static void pre_jail_init_server(void)
{
TLS_SERVER_INIT_PROPS props;
const char *cert_file;
int have_server_cert;
int no_server_cert_ok;
int require_server_cert;
- int clnt_use_tls;
/*
* The code in this routine is pasted literally from smtpd(8). I am not
@@ -1531,7 +1534,7 @@
}
var_tlsp_use_tls = var_tlsp_use_tls || var_tlsp_enforce_tls;
if (!var_tlsp_use_tls) {
- msg_warn("TLS service is requested, but disabled with %s or %s",
+ msg_warn("TLS server role is disabled with %s or %s",
VAR_TLSP_TLS_LEVEL, VAR_TLSP_USE_TLS);
return;
}
@@ -1622,6 +1625,13 @@
SSL_CTX_set_mode(tlsp_server_ctx->ssl_ctx,
SSL_MODE_ENABLE_PARTIAL_WRITE
| SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
+}
+
+/* pre_jail_init_client - pre-jail initialization */
+
+static void pre_jail_init_client(void)
+{
+ int clnt_use_tls;
/*
* The cache with TLS_APPL_STATE instances for different TLS_CLIENT_INIT
@@ -1733,6 +1743,18 @@
msg_warn("TLS client initialization failed");
}
}
+}
+
+/* pre_jail_init - pre-jail initialization */
+
+static void pre_jail_init(char *unused_name, char **unused_argv)
+{
+
+ /*
+ * Initialize roles separately.
+ */
+ pre_jail_init_server();
+ pre_jail_init_client();
/*
* tlsp_client_init() needs to know if it is called pre-jail or
diff -ur --new-file /var/tmp/postfix-3.4.11/src/util/midna_domain.c ./src/util/midna_domain.c
--- /var/tmp/postfix-3.4.11/src/util/midna_domain.c 2016-12-04 12:40:19.000000000 -0500
+++ ./src/util/midna_domain.c 2020-05-12 19:15:37.000000000 -0400
@@ -20,6 +20,8 @@
/*
/* const char *midna_domain_suffix_to_utf8(
/* const char *name)
+/* AUXILIARY FUNCTIONS
+/* void midna_domain_pre_chroot(void)
/* DESCRIPTION
/* The functions in this module transform domain names from/to
/* ASCII and UTF-8 form. The result is cached to avoid repeated
@@ -52,6 +54,8 @@
/*
/* midna_domain_transitional enables transitional conversion
/* between UTF8 and ASCII labels.
+/*
+/* midna_domain_pre_chroot() does some pre-chroot initialization.
/* SEE ALSO
/* http://unicode.org/reports/tr46/ Unicode IDNA Compatibility processing
/* msg(3) diagnostics interface
@@ -144,6 +148,22 @@
}
}
+/* midna_domain_pre_chroot - pre-chroot initialization */
+
+void midna_domain_pre_chroot(void)
+{
+ UErrorCode error = U_ZERO_ERROR;
+ UIDNAInfo info = UIDNA_INFO_INITIALIZER;
+ UIDNA *idna;
+
+ idna = uidna_openUTS46(midna_domain_transitional ? UIDNA_DEFAULT
+ : UIDNA_NONTRANSITIONAL_TO_ASCII, &error);
+ if (U_FAILURE(error))
+ msg_warn("ICU library initialization failed: %s",
+ midna_domain_strerror(error, info.errors));
+ uidna_close(idna);
+}
+
/* midna_domain_to_ascii_create - convert domain to ASCII */
static void *midna_domain_to_ascii_create(const char *name, void *unused_context)
@@ -327,6 +347,7 @@
/*
* Test program - reads names from stdin, reports invalid names to stderr.
*/
+#include