Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian....@packages.debian.org
Usertags: pu
As with the 3.4.7 update for buster, I'd like to update the 3.1 series to 3.1.14 for stretch. I have this running on multiple systems that I haven't upgraded yet and it's working fine. Please see debdiff for details. This is mostly a subset of the 3.4.6/3.4.7 changes that apply to 3.1.

Scott K
diff -Nru postfix-3.1.12/debian/changelog postfix-3.1.14/debian/changelog --- postfix-3.1.12/debian/changelog 2019-03-25 01:01:51.000000000 -0400 +++ postfix-3.1.14/debian/changelog 2019-09-23 00:22:15.000000000 -0400 
@@ -1,3 +1,57 @@ +postfix (3.1.14-0+deb9u1) stretch; urgency=medium + + [Wietse Venema] + + * 3.1.13 + - Bugfix (introduced: Postfix 2.3): a censoring filter broke + multiline Milter responses for header/body events. Problem + report by Andreas Thienemann. Files: util/printable.c, + util/stringops.h, smtpd/smtpd.c + - Workaround for implementations that hang Postfix while + shutting down a TLS session, until Postfix times out. With + "tls_fast_shutdown_enable = yes" (the default), Postfix no + longer waits for the TLS peer to respond to a TLS 'close' + request. This is recommended with TLSv1.0 and later. Files: + global/mail_params.h, tls/tls_session.c, and documentation. + - Bugfix (introduced: Postfix 3.0): the code to reset Postfix + SMTP server command counts was not called after a HaProxy + handshake failure, causing stale numbers to be reported. + The command counts are now reset in the function that reports + the counts. File: smtpd/smtpd.c + * 3.1.14 + - Bugfix: the documentation said tls_fast_shutdown_enable, + but the code said tls_fast_shutdown. Viktor Dukhovni. Changed + the code because no-one is expected to override the default. + File: global/mail_params.h. + - Workaround for poor TCP loopback performance on LINUX, where + getsockopt(..., TCP_MAXSEG, ..) reports a TCP maximal segment + size that is 1/2 to 1/3 of the MTU. For example, with kernel + 5.1.16-300.fc30.x86_64 the TCP client and server announce + an mss of 65495 in the TCP handshake, but getsockopt() + returns 32741 (less than half). As a matter of principle, + Postfix won't turn on client-side TCP_NODELAY because that + hides application performance bugs, and because that still + suffers from server-side delayed ACKs. Instead, Postfix + avoids sending "small" writes back-to-back, by choosing a + VSTREAM buffer size that is a multiple of the reported MSS. + This workaround bumps the multiplier from 2x to 4x. File: + util/vstream_tweak.c. 
+ - Bugfix (introduced: 20051222): the Dovecot client could + segfault (null pointer read) or cause an SMTP server assertion + to fail when talking to a fake Dovecot server. The client + now logs a proper error instead. Problem reported by Tim + Düsterhus. File: xsasl/xsasl_dovecot_server.c. + - Bitrot: don't invoke SSL_shutdown() when the SSL engine + thinks it is processing a TLS handshake. The commit at + https://github.com/openssl/openssl/commit/64193c8218540499984cd63cda41f3cd491f3f59 + changed the error status, incompatibly, from SSL_ERROR_NONE + into SSL_ERROR_SSL. File: tlsproxy/tlsproxxy.c. + - Bugfix (introduced: Postfix-2.9.0): null pointer read, while + logging a warning after a postscreen_command_filter read + error. File: postscreen/postscreen_smtpd.c. + + -- Scott Kitterman <sc...@kitterman.com> Mon, 23 Sep 2019 00:22:15 -0400 + postfix (3.1.12-0+deb9u1) stretch; urgency=medium [Scott Kitterman] diff -Nru postfix-3.1.12/debian/patches/10_openssl_version_check.diff postfix-3.1.14/debian/patches/10_openssl_version_check.diff --- postfix-3.1.12/debian/patches/10_openssl_version_check.diff 2019-03-25 01:01:51.000000000 -0400 +++ postfix-3.1.14/debian/patches/10_openssl_version_check.diff 2019-09-23 00:22:15.000000000 -0400 @@ -1,8 +1,8 @@ -Index: postfix-dev/src/tls/tls_misc.c +Index: postfix/src/tls/tls_misc.c =================================================================== ---- postfix-dev.orig/src/tls/tls_misc.c 2019-03-25 01:13:48.562959283 -0400 -+++ postfix-dev/src/tls/tls_misc.c 2019-03-25 01:15:15.170961131 -0400 -@@ -1252,26 +1252,7 @@ +--- postfix.orig/src/tls/tls_misc.c ++++ postfix/src/tls/tls_misc.c +@@ -1255,26 +1255,7 @@ static void tls_version_split(unsigned l void tls_check_version(void) { diff -Nru postfix-3.1.12/HISTORY postfix-3.1.14/HISTORY --- postfix-3.1.12/HISTORY 2019-03-29 08:13:24.000000000 -0400 +++ postfix-3.1.14/HISTORY 2019-09-21 11:55:11.000000000 -0400 
@@ -22490,3 +22490,72 @@ could exhaust LMTP server resources, resulting in two-second pauses between email deliveries. This problem was investigated by Juliana Rodrigueiro. File: smtp/smtp_connect.c. + +20190403 + + Bugfix (introduced: Postfix 2.3): a censoring filter broke + multiline Milter responses for header/body events. Problem + report by Andreas Thienemann. Files: util/printable.c, + util/stringops.h, smtpd/smtpd.c + +20190615 + + Workaround for implementations that hang Postfix while + shutting down a TLS session, until Postfix times out. With + "tls_fast_shutdown_enable = yes" (the default), Postfix no + longer waits for the TLS peer to respond to a TLS 'close' + request. This is recommended with TLSv1.0 and later. Files: + global/mail_params.h, tls/tls_session.c, and documentation. + +20190621 + + Bugfix (introduced: Postfix 3.0): the code to reset Postfix + SMTP server command counts was not called after a HaProxy + handshake failure, causing stale numbers to be reported. + The command counts are now reset in the function that reports + the counts. File: smtpd/smtpd.c. + +20190723 + + Bugfix: the documentation said tls_fast_shutdown_enable, + but the code said tls_fast_shutdown. Viktor Dukhovni. Changed + the code because no-one is expected to override the default. + File: global/mail_params.h. + +20190820 + + Workaround for poor TCP loopback performance on LINUX, where + getsockopt(..., TCP_MAXSEG, ..) reports a TCP maximal segment + size that is 1/2 to 1/3 of the MTU. For example, with kernel + 5.1.16-300.fc30.x86_64 the TCP client and server announce + an mss of 65495 in the TCP handshake, but getsockopt() + returns 32741 (less than half). As a matter of principle, + Postfix won't turn on client-side TCP_NODELAY because that + hides application performance bugs, and because that still + suffers from server-side delayed ACKs. 
Instead, Postfix + avoids sending "small" writes back-to-back, by choosing a + VSTREAM buffer size that is a multiple of the reported MSS. + This workaround bumps the multiplier from 2x to 4x. File: + util/vstream_tweak.c. + +20190825 + + Bugfix (introduced: 20051222): the Dovecot client could + segfault (null pointer read) or cause an SMTP server assertion + to fail when talking to a fake Dovecot server. The client + now logs a proper error instead. Problem reported by Tim + Düsterhus. File: xsasl/xsasl_dovecot_server.c. + +20190914 + + Bitrot: don't invoke SSL_shutdown() when the SSL engine + thinks it is processing a TLS handshake. The commit at + https://github.com/openssl/openssl/commit/64193c8218540499984cd63cda41f3cd491f3f59 + changed the error status, incompatibly, from SSL_ERROR_NONE + into SSL_ERROR_SSL. File: tlsproxy/tlsproxxy.c. + +20190921 (backport from Postfix >= 3.4) + + Bugfix (introduced: Postfix-2.9.0): null pointer read, while + logging a warning after a postscreen_command_filter read + error. File: postscreen/postscreen_smtpd.c. diff -Nru postfix-3.1.12/html/lmtp.8.html postfix-3.1.14/html/lmtp.8.html --- postfix-3.1.12/html/lmtp.8.html 2016-02-13 20:09:40.000000000 -0500 +++ postfix-3.1.14/html/lmtp.8.html 2019-06-29 18:46:17.000000000 -0400 
@@ -569,6 +569,12 @@ nexthop destination security level is <b>dane</b>, but the MX record was found via an "insecure" MX lookup. + Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13: + + <b><a href="postconf.5.html#tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> (yes)</b> + A workaround for implementations that hang Postfix while shuting + down a TLS session, until Postfix times out. + <b>OBSOLETE STARTTLS CONTROLS</b> The following configuration parameters exist for compatibility with Postfix versions before 2.3. Support for these will be removed in a diff -Nru postfix-3.1.12/html/postconf.5.html postfix-3.1.14/html/postconf.5.html --- postfix-3.1.12/html/postconf.5.html 2018-11-10 19:09:43.000000000 -0500 +++ postfix-3.1.14/html/postconf.5.html 2019-06-29 09:34:14.000000000 -0400 @@ -17760,6 +17760,21 @@ </DD> +<DT><b><a name="tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> +(default: yes)</b></DT><DD> + +<p> A workaround for implementations that hang Postfix while shuting +down a TLS session, until Postfix times out. With this enabled, +Postfix will not wait for the remote TLS peer to respond to a TLS +'close' notification. This behavior is recommended for TLSv1.0 and +later. </p> + +<p> This feature was introduced with Postfix 3.4.6, 3.3.5, 3.2.10, +and 3.1.13. </p> + + +</DD> + <DT><b><a name="tls_high_cipherlist">tls_high_cipherlist</a> (default: see "postconf -d" output)</b></DT><DD> diff -Nru postfix-3.1.12/html/smtp.8.html postfix-3.1.14/html/smtp.8.html --- postfix-3.1.12/html/smtp.8.html 2016-02-13 20:09:40.000000000 -0500 +++ postfix-3.1.14/html/smtp.8.html 2019-06-29 18:46:17.000000000 -0400 
@@ -569,6 +569,12 @@ nexthop destination security level is <b>dane</b>, but the MX record was found via an "insecure" MX lookup. + Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13: + + <b><a href="postconf.5.html#tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> (yes)</b> + A workaround for implementations that hang Postfix while shuting + down a TLS session, until Postfix times out. + <b>OBSOLETE STARTTLS CONTROLS</b> The following configuration parameters exist for compatibility with Postfix versions before 2.3. Support for these will be removed in a diff -Nru postfix-3.1.12/html/smtpd.8.html postfix-3.1.14/html/smtpd.8.html --- postfix-3.1.12/html/smtpd.8.html 2018-11-17 18:11:07.000000000 -0500 +++ postfix-3.1.14/html/smtpd.8.html 2019-06-29 18:48:21.000000000 -0400 @@ -559,6 +559,12 @@ <b>aes-128-cbc)</b> Algorithm used to encrypt <a href="http://tools.ietf.org/html/rfc5077">RFC5077</a> TLS session tickets. + Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13: + + <b><a href="postconf.5.html#tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> (yes)</b> + A workaround for implementations that hang Postfix while shuting + down a TLS session, until Postfix times out. + <b>OBSOLETE STARTTLS CONTROLS</b> The following configuration parameters exist for compatibility with Postfix versions before 2.3. Support for these will be removed in a diff -Nru postfix-3.1.12/html/tlsproxy.8.html postfix-3.1.14/html/tlsproxy.8.html --- postfix-3.1.12/html/tlsproxy.8.html 2018-11-04 18:05:37.000000000 -0500 +++ postfix-3.1.14/html/tlsproxy.8.html 2019-06-29 18:49:28.000000000 -0400 
@@ -159,6 +159,12 @@ <b><a href="postconf.5.html#tlsmgr_service_name">tlsmgr_service_name</a> (tlsmgr)</b> The name of the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> service entry in <a href="master.5.html">master.cf</a>. + Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13: + + <b><a href="postconf.5.html#tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> (yes)</b> + A workaround for implementations that hang Postfix while shuting + down a TLS session, until Postfix times out. + <b>OBSOLETE STARTTLS SUPPORT CONTROLS</b> These parameters are supported for compatibility with <a href="smtpd.8.html"><b>smtpd</b>(8)</a> legacy parameters. diff -Nru postfix-3.1.12/man/man5/postconf.5 postfix-3.1.14/man/man5/postconf.5 --- postfix-3.1.12/man/man5/postconf.5 2018-11-10 19:09:43.000000000 -0500 +++ postfix-3.1.14/man/man5/postconf.5 2019-06-29 09:34:14.000000000 -0400 @@ -12249,6 +12249,15 @@ encouraged to not change this setting. .PP This feature is available in Postfix 2.3 and later. +.SH tls_fast_shutdown_enable (default: yes) +A workaround for implementations that hang Postfix while shuting +down a TLS session, until Postfix times out. With this enabled, +Postfix will not wait for the remote TLS peer to respond to a TLS +'close' notification. This behavior is recommended for TLSv1.0 and +later. +.PP +This feature was introduced with Postfix 3.4.6, 3.3.5, 3.2.10, +and 3.1.13. .SH tls_high_cipherlist (default: see "postconf \-d" output) The OpenSSL cipherlist for "high" grade ciphers. This defines the meaning of the "high" setting in smtpd_tls_ciphers, diff -Nru postfix-3.1.12/man/man8/smtp.8 postfix-3.1.14/man/man8/smtp.8 --- postfix-3.1.12/man/man8/smtp.8 2016-02-13 20:09:40.000000000 -0500 +++ postfix-3.1.14/man/man8/smtp.8 2019-06-29 09:34:14.000000000 -0400 
@@ -504,6 +504,11 @@ The TLS policy for MX hosts with "secure" TLSA records when the nexthop destination security level is \fBdane\fR, but the MX record was found via an "insecure" MX lookup. +.PP +Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13: +.IP "\fBtls_fast_shutdown_enable (yes)\fR" +A workaround for implementations that hang Postfix while shuting +down a TLS session, until Postfix times out. .SH "OBSOLETE STARTTLS CONTROLS" .na .nf diff -Nru postfix-3.1.12/man/man8/smtpd.8 postfix-3.1.14/man/man8/smtpd.8 --- postfix-3.1.12/man/man8/smtpd.8 2018-11-17 18:11:07.000000000 -0500 +++ postfix-3.1.14/man/man8/smtpd.8 2019-06-29 09:34:14.000000000 -0400 @@ -502,6 +502,11 @@ Available in Postfix version 3.0 and later: .IP "\fBtls_session_ticket_cipher (Postfix >= 3.0: aes\-256\-cbc, Postfix < 3.0: aes\-128\-cbc)\fR" Algorithm used to encrypt RFC5077 TLS session tickets. +.PP +Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13: +.IP "\fBtls_fast_shutdown_enable (yes)\fR" +A workaround for implementations that hang Postfix while shuting +down a TLS session, until Postfix times out. .SH "OBSOLETE STARTTLS CONTROLS" .na .nf diff -Nru postfix-3.1.12/man/man8/tlsproxy.8 postfix-3.1.14/man/man8/tlsproxy.8 --- postfix-3.1.12/man/man8/tlsproxy.8 2018-11-04 18:05:37.000000000 -0500 +++ postfix-3.1.14/man/man8/tlsproxy.8 2019-06-29 09:34:15.000000000 -0400 
@@ -152,6 +152,11 @@ Available in Postfix version 2.11 and later: .IP "\fBtlsmgr_service_name (tlsmgr)\fR" The name of the \fBtlsmgr\fR(8) service entry in master.cf. +.PP +Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13: +.IP "\fBtls_fast_shutdown_enable (yes)\fR" +A workaround for implementations that hang Postfix while shuting +down a TLS session, until Postfix times out. .SH "OBSOLETE STARTTLS SUPPORT CONTROLS" .na .nf diff -Nru postfix-3.1.12/mantools/postlink postfix-3.1.14/mantools/postlink --- postfix-3.1.12/mantools/postlink 2016-02-08 17:34:51.000000000 -0500 +++ postfix-3.1.14/mantools/postlink 2019-06-25 17:20:41.000000000 -0400 @@ -748,6 +748,7 @@ s;\btls_wildcard_matches_multiple_labels\b;<a href="postconf.5.html#tls_wildcard_matches_multiple_labels">$&</a>;g; s;\btls_session_ticket_cipher\b;<a href="postconf.5.html#tls_session_ticket_cipher">$&</a>;g; s;\btls_ssl_options\b;<a href="postconf.5.html#tls_ssl_options">$&</a>;g; + s;\btls_fast_shutdown_enable\b;<a href="postconf.5.html#tls_fast_shutdown_enable">$&</a>;g; s;\bfrozen_delivered_to\b;<a href="postconf.5.html#frozen_delivered_to">$&</a>;g; s;\breset_owner_alias\b;<a href="postconf.5.html#reset_owner_alias">$&</a>;g; diff -Nru postfix-3.1.12/proto/postconf.proto postfix-3.1.14/proto/postconf.proto --- postfix-3.1.12/proto/postconf.proto 2018-11-10 19:09:28.000000000 -0500 +++ postfix-3.1.14/proto/postconf.proto 2019-06-28 17:19:45.000000000 -0400 
@@ -16115,6 +16115,17 @@ <p> This feature is available in Postfix 3.0 and later. </p> +%PARAM tls_fast_shutdown_enable yes + +<p> A workaround for implementations that hang Postfix while shuting +down a TLS session, until Postfix times out. With this enabled, +Postfix will not wait for the remote TLS peer to respond to a TLS +'close' notification. This behavior is recommended for TLSv1.0 and +later. </p> + +<p> This feature was introduced with Postfix 3.4.6, 3.3.5, 3.2.10, +and 3.1.13. </p> + %PARAM default_delivery_status_filter <p> Optional filter to replace the delivery status code or explanatory diff -Nru postfix-3.1.12/README_FILES/RELEASE_NOTES postfix-3.1.14/README_FILES/RELEASE_NOTES --- postfix-3.1.12/README_FILES/RELEASE_NOTES 2016-10-01 19:36:03.000000000 -0400 +++ postfix-3.1.14/README_FILES/RELEASE_NOTES 2019-06-27 19:38:01.000000000 -0400 @@ -16,6 +16,16 @@ If you upgrade from Postfix 2.11 or earlier, read RELEASE_NOTES-3.0 before proceeding. +TLS Workaround for Postfix 3.4.6, 3.3.5, 3.2.10 and 3.1.13 +----------------------------------------------------------- + +This release introduces a workaround for implementations that hang +Postfix while shutting down a TLS session, until Postfix times out. +With "tls_fast_shutdown_enable = yes" (the default), Postfix no +longer waits for a remote TLS peer to respond to a TLS 'close' +request. This behavior is recommended with TLSv1.0 and later. Specify +"tls_fast_shutdown_enable = no" to get historical Postfix behavior. + Workaround - UTF8 support in Postfix MySQL queries -------------------------------------------------- diff -Nru postfix-3.1.12/RELEASE_NOTES postfix-3.1.14/RELEASE_NOTES --- postfix-3.1.12/RELEASE_NOTES 2016-10-01 19:36:03.000000000 -0400 +++ postfix-3.1.14/RELEASE_NOTES 2019-06-27 19:38:01.000000000 -0400 
@@ -16,6 +16,16 @@ If you upgrade from Postfix 2.11 or earlier, read RELEASE_NOTES-3.0 before proceeding. +TLS Workaround for Postfix 3.4.6, 3.3.5, 3.2.10 and 3.1.13 +----------------------------------------------------------- + +This release introduces a workaround for implementations that hang +Postfix while shutting down a TLS session, until Postfix times out. +With "tls_fast_shutdown_enable = yes" (the default), Postfix no +longer waits for a remote TLS peer to respond to a TLS 'close' +request. This behavior is recommended with TLSv1.0 and later. Specify +"tls_fast_shutdown_enable = no" to get historical Postfix behavior. + Workaround - UTF8 support in Postfix MySQL queries -------------------------------------------------- diff -Nru postfix-3.1.12/src/global/mail_params.h postfix-3.1.14/src/global/mail_params.h --- postfix-3.1.12/src/global/mail_params.h 2018-02-18 10:43:14.000000000 -0500 +++ postfix-3.1.14/src/global/mail_params.h 2019-07-23 18:46:37.000000000 -0400 @@ -3261,6 +3261,13 @@ extern bool var_tls_dane_taa_dgst; /* + * The default is backwards-incompatible. + */ +#define VAR_TLS_FAST_SHUTDOWN "tls_fast_shutdown_enable" +#define DEF_TLS_FAST_SHUTDOWN 1 +extern bool var_tls_fast_shutdown; + + /* * Sendmail-style mail filter support. */ #define VAR_SMTPD_MILTERS "smtpd_milters" diff -Nru postfix-3.1.12/src/global/mail_version.h postfix-3.1.14/src/global/mail_version.h --- postfix-3.1.12/src/global/mail_version.h 2019-03-30 10:35:34.000000000 -0400 +++ postfix-3.1.14/src/global/mail_version.h 2019-09-21 12:25:29.000000000 -0400 
@@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20190330" -#define MAIL_VERSION_NUMBER "3.1.12" +#define MAIL_RELEASE_DATE "20190921" +#define MAIL_VERSION_NUMBER "3.1.14" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -Nru postfix-3.1.12/src/postscreen/postscreen_smtpd.c postfix-3.1.14/src/postscreen/postscreen_smtpd.c --- postfix-3.1.12/src/postscreen/postscreen_smtpd.c 2014-12-06 20:35:34.000000000 -0500 +++ postfix-3.1.14/src/postscreen/postscreen_smtpd.c 2019-06-30 13:22:15.000000000 -0400 @@ -895,7 +895,8 @@ vstring_strcpy(state->cmd_buffer, cp); } else if (psc_cmd_filter->error != 0) { msg_fatal("%s:%s lookup error for \"%.100s\"", - psc_cmd_filter->type, psc_cmd_filter->name, cp); + psc_cmd_filter->type, psc_cmd_filter->name, + STR(state->cmd_buffer)); } } diff -Nru postfix-3.1.12/src/smtp/smtp.c postfix-3.1.14/src/smtp/smtp.c --- postfix-3.1.12/src/smtp/smtp.c 2016-02-13 20:08:41.000000000 -0500 +++ postfix-3.1.14/src/smtp/smtp.c 2019-06-29 09:34:14.000000000 -0400 @@ -474,6 +474,11 @@ /* The TLS policy for MX hosts with "secure" TLSA records when the /* nexthop destination security level is \fBdane\fR, but the MX /* record was found via an "insecure" MX lookup. +/* .PP +/* Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13: +/* .IP "\fBtls_fast_shutdown_enable (yes)\fR" +/* A workaround for implementations that hang Postfix while shuting +/* down a TLS session, until Postfix times out. /* OBSOLETE STARTTLS CONTROLS /* .ad /* .fi diff -Nru postfix-3.1.12/src/smtpd/smtpd.c postfix-3.1.14/src/smtpd/smtpd.c --- postfix-3.1.12/src/smtpd/smtpd.c 2018-11-17 18:10:03.000000000 -0500 +++ postfix-3.1.14/src/smtpd/smtpd.c 2019-06-29 09:34:14.000000000 -0400 
@@ -468,6 +468,11 @@ /* Available in Postfix version 3.0 and later: /* .IP "\fBtls_session_ticket_cipher (Postfix >= 3.0: aes-256-cbc, Postfix < 3.0: aes-128-cbc)\fR" /* Algorithm used to encrypt RFC5077 TLS session tickets. +/* .PP +/* Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13: +/* .IP "\fBtls_fast_shutdown_enable (yes)\fR" +/* A workaround for implementations that hang Postfix while shuting +/* down a TLS session, until Postfix times out. /* OBSOLETE STARTTLS CONTROLS /* .ad /* .fi @@ -3448,6 +3453,12 @@ if (vstream_ferror(state->cleanup)) state->err = CLEANUP_STAT_WRITE; } + +#define IS_SMTP_REJECT(s) \ + (((s)[0] == '4' || (s)[0] == '5') \ + && ISDIGIT((s)[1]) && ISDIGIT((s)[2]) \ + && ((s)[3] == '\0' || (s)[3] == ' ' || (s)[3] == '-')) + if (state->err == CLEANUP_STAT_OK) if (rec_fputs(state->cleanup, REC_TYPE_END, "") < 0 || vstream_fflush(state->cleanup)) @@ -3455,7 +3466,10 @@ if (state->err == 0) { why = vstring_alloc(10); state->err = mail_stream_finish(state->dest, why); - printable(STR(why), ' '); + if (IS_SMTP_REJECT(STR(why))) + printable_except(STR(why), ' ', "\r\n"); + else + printable(STR(why), ' '); } else mail_stream_cleanup(state->dest); state->dest = 0; @@ -3490,11 +3504,6 @@ * * See also: qmqpd.c */ -#define IS_SMTP_REJECT(s) \ - (((s)[0] == '4' || (s)[0] == '5') \ - && ISDIGIT((s)[1]) && ISDIGIT((s)[2]) \ - && ((s)[3] == '\0' || (s)[3] == ' ' || (s)[3] == '-')) - if (state->err == CLEANUP_STAT_OK) { state->error_count = 0; state->error_mask = 0; @@ -4916,15 +4925,6 @@ case 0: /* - * Reset the per-command counters. - */ - for (cmdp = smtpd_cmd_table; /* see below */ ; cmdp++) { - cmdp->success_count = cmdp->total_count = 0; - if (cmdp->name == 0) - break; - } - - /* * In TLS wrapper mode, turn on TLS using code that is shared with * the STARTTLS command. This code does not return when the handshake * fails. 
@@ -5314,6 +5314,15 @@ if (cmdp->name == 0) break; } + + /* + * Reset the per-command counters. + */ + for (cmdp = smtpd_cmd_table; /* see below */ ; cmdp++) { + cmdp->success_count = cmdp->total_count = 0; + if (cmdp->name == 0) + break; + } /* * Log total numbers, so that logfile analyzers will see something even diff -Nru postfix-3.1.12/src/tls/Makefile.in postfix-3.1.14/src/tls/Makefile.in --- postfix-3.1.12/src/tls/Makefile.in 2015-01-27 19:13:11.000000000 -0500 +++ postfix-3.1.14/src/tls/Makefile.in 2019-06-25 17:20:41.000000000 -0400 @@ -429,6 +429,7 @@ tls_session.o: ../../include/argv.h tls_session.o: ../../include/check_arg.h tls_session.o: ../../include/dns.h +tls_session.o: ../../include/mail_params.h tls_session.o: ../../include/msg.h tls_session.o: ../../include/myaddrinfo.h tls_session.o: ../../include/mymalloc.h diff -Nru postfix-3.1.12/src/tls/tls_misc.c postfix-3.1.14/src/tls/tls_misc.c --- postfix-3.1.12/src/tls/tls_misc.c 2018-11-17 18:10:03.000000000 -0500 +++ postfix-3.1.14/src/tls/tls_misc.c 2019-06-25 17:20:41.000000000 -0400 @@ -44,6 +44,7 @@ /* char *var_tls_mgr_service; /* char *var_tls_tkt_cipher; /* char *var_openssl_path; +/* bool var_tls_fast_shutdown; /* /* TLS_APPL_STATE *tls_alloc_app_context(ssl_ctx, log_mask) /* SSL_CTX *ssl_ctx; @@ -283,6 +284,7 @@ char *var_tls_mgr_service; char *var_tls_tkt_cipher; char *var_openssl_path; +bool var_tls_fast_shutdown; #ifdef VAR_TLS_PREEMPT_CLIST bool var_tls_preempt_clist; 
@@ -724,6 +726,7 @@ VAR_TLS_DANE_TAA_DGST, DEF_TLS_DANE_TAA_DGST, &var_tls_dane_taa_dgst, VAR_TLS_PREEMPT_CLIST, DEF_TLS_PREEMPT_CLIST, &var_tls_preempt_clist, VAR_TLS_MULTI_WILDCARD, DEF_TLS_MULTI_WILDCARD, &var_tls_multi_wildcard, + VAR_TLS_FAST_SHUTDOWN, DEF_TLS_FAST_SHUTDOWN, &var_tls_fast_shutdown, 0, }; static int init_done; diff -Nru postfix-3.1.12/src/tls/tls_session.c postfix-3.1.14/src/tls/tls_session.c --- postfix-3.1.12/src/tls/tls_session.c 2008-01-07 20:21:49.000000000 -0500 +++ postfix-3.1.14/src/tls/tls_session.c 2019-06-25 17:20:41.000000000 -0400 @@ -66,6 +66,10 @@ #include <msg.h> #include <mymalloc.h> +/* Global library. */ + +#include <mail_params.h> + /* TLS library. */ #define TLS_INTERNAL @@ -90,6 +94,18 @@ msg_panic("%s: stream has no active TLS context", myname); /* + * According to RFC 2246 (TLS 1.0), there is no requirement to wait for + * the peer's close-notify. If the application protocol provides + * sufficient session termination signaling, then there's no need to + * duplicate that at the TLS close-notify layer. + * + * https://tools.ietf.org/html/rfc2246#section-7.2.1 + * https://tools.ietf.org/html/rfc4346#section-7.2.1 + * https://tools.ietf.org/html/rfc5246#section-7.2.1 + * + * Specify 'tls_fast_shutdown = no' to enable the historical behavior + * described below. + * * Perform SSL_shutdown() twice, as the first attempt will send out the * shutdown alert but it will not wait for the peer's shutdown alert. * Therefore, when we are the first party to send the alert, we must call 
@@ -99,7 +115,7 @@ */ if (!failure) { retval = tls_bio_shutdown(vstream_fileno(stream), timeout, TLScontext); - if (retval == 0) + if (!var_tls_fast_shutdown && retval == 0) tls_bio_shutdown(vstream_fileno(stream), timeout, TLScontext); } tls_free_context(TLScontext); diff -Nru postfix-3.1.12/src/tlsproxy/tlsproxy.c postfix-3.1.14/src/tlsproxy/tlsproxy.c --- postfix-3.1.12/src/tlsproxy/tlsproxy.c 2018-05-19 09:24:34.000000000 -0400 +++ postfix-3.1.14/src/tlsproxy/tlsproxy.c 2019-09-20 19:07:16.000000000 -0400 @@ -136,6 +136,11 @@ /* Available in Postfix version 2.11 and later: /* .IP "\fBtlsmgr_service_name (tlsmgr)\fR" /* The name of the \fBtlsmgr\fR(8) service entry in master.cf. +/* .PP +/* Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13: +/* .IP "\fBtls_fast_shutdown_enable (yes)\fR" +/* A workaround for implementations that hang Postfix while shuting +/* down a TLS session, until Postfix times out. /* OBSOLETE STARTTLS SUPPORT CONTROLS /* .ad /* .fi @@ -501,9 +506,8 @@ if (NBBIO_ERROR_FLAGS(plaintext_buf)) { if (NBBIO_ACTIVE_FLAGS(plaintext_buf)) nbbio_disable_readwrite(state->plaintext_buf); - ssl_stat = SSL_shutdown(tls_context->con); - /* XXX Wait for return value 1 if sessions are to be reused? */ - if (ssl_stat < 0) { + if (!SSL_in_init(tls_context->con) + && (ssl_stat = SSL_shutdown(tls_context->con)) < 0) { handshake_err = SSL_get_error(tls_context->con, ssl_stat); tlsp_eval_tls_error(state, handshake_err); /* At this point, state could be a dangling pointer. */ diff -Nru postfix-3.1.12/src/util/printable.c postfix-3.1.14/src/util/printable.c --- postfix-3.1.12/src/util/printable.c 2015-01-13 19:19:23.000000000 -0500 +++ postfix-3.1.14/src/util/printable.c 2019-04-10 17:30:23.000000000 -0400 
@@ -11,6 +11,11 @@ /* char *printable(buffer, replacement) /* char *buffer; /* int replacement; +/* +/* char *printable_except(buffer, replacement, except) +/* char *buffer; +/* int replacement; +/* const char *except; /* DESCRIPTION /* printable() replaces non-printable characters /* in its input with the given replacement. @@ -24,6 +29,8 @@ /* .IP replacement /* Replacement value for characters in \fIbuffer\fR that do not /* pass the ASCII isprint(3) test or that are not valid UTF8. +/* .IP except +/* Null-terminated sequence of non-replaced ASCII characters. /* LICENSE /* .ad /* .fi @@ -33,12 +40,18 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ #include "sys_defs.h" #include <ctype.h> +#include <string.h> /* Utility library. */ @@ -46,8 +59,21 @@ int util_utf8_enable = 0; +/* printable - binary compatibility */ + +#undef printable + +char *printable(char *, int); + char *printable(char *string, int replacement) { + return (printable_except(string, replacement, (char *) 0)); +} + +/* printable_except - pass through printable or other preserved characters */ + +char *printable_except(char *string, int replacement, const char *except) +{ unsigned char *cp; int ch; @@ -57,7 +83,7 @@ */ cp = (unsigned char *) string; while ((ch = *cp) != 0) { - if (ISASCII(ch) && ISPRINT(ch)) { + if (ISASCII(ch) && (ISPRINT(ch) || (except && strchr(except, ch)))) { /* ok */ } else if (util_utf8_enable && ch >= 194 && ch <= 254 && cp[1] >= 128 && cp[1] < 192) { diff -Nru postfix-3.1.12/src/util/stringops.h postfix-3.1.14/src/util/stringops.h --- postfix-3.1.12/src/util/stringops.h 2015-09-13 11:36:38.000000000 -0400 +++ postfix-3.1.14/src/util/stringops.h 2019-04-10 17:22:22.000000000 -0400 
@@ -20,7 +20,7 @@ * External interface. */ extern int util_utf8_enable; -extern char *printable(char *, int); +extern char *printable_except(char *, int, const char *); extern char *neuter(char *, const char *, int); extern char *lowercase(char *); extern char *casefoldx(int, VSTRING *, const char *, ssize_t); @@ -32,6 +32,9 @@ extern char *mystrtokq(char **, const char *, const char *); extern char *translit(char *, const char *, const char *); +#define printable(string, replacement) \ + printable_except((string), (replacement), (char *) 0) + #ifndef HAVE_BASENAME #define basename postfix_basename extern char *basename(const char *); @@ -85,6 +88,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ #endif diff -Nru postfix-3.1.12/src/util/vstream_tweak.c postfix-3.1.14/src/util/vstream_tweak.c --- postfix-3.1.12/src/util/vstream_tweak.c 2014-12-25 11:47:17.000000000 -0500 +++ postfix-3.1.14/src/util/vstream_tweak.c 2019-09-08 10:36:14.000000000 -0400 
@@ -124,12 +124,20 @@ * stream buffer size to less than VSTREAM_BUFSIZE, when the request is * made before the first stream read or write operation. We don't want to * reduce the buffer size. + * + * As of 20190820 we increase the mss size multipler from 2x to 4x, because + * some LINUX loopback TCP stacks report an MSS of 21845 which is 3x + * smaller than the MTU of 65536. Even with a VSTREAM buffer 2x the + * reported MSS size, performance would suck due to Nagle or delayed ACK + * delays. */ #define EFF_BUFFER_SIZE(fp) (vstream_req_bufsize(fp) ? \ vstream_req_bufsize(fp) : VSTREAM_BUFSIZE) #ifdef CA_VSTREAM_CTL_BUFSIZE - if (mss > EFF_BUFFER_SIZE(fp) / 2) { + if (mss > EFF_BUFFER_SIZE(fp) / 4) { + if (mss < INT_MAX / 2) + mss *= 2; if (mss < INT_MAX / 2) mss *= 2; vstream_control(fp, diff -Nru postfix-3.1.12/src/xsasl/xsasl_dovecot_server.c postfix-3.1.14/src/xsasl/xsasl_dovecot_server.c --- postfix-3.1.12/src/xsasl/xsasl_dovecot_server.c 2016-01-23 19:50:54.000000000 -0500 +++ postfix-3.1.14/src/xsasl/xsasl_dovecot_server.c 2019-08-27 03:35:11.000000000 -0400 @@ -584,10 +584,20 @@ if (xsasl_dovecot_parse_reply(server, &line) == 0) { /* authentication successful */ xsasl_dovecot_parse_reply_args(server, line, reply, 1); + if (server->username == 0) { + msg_warn("missing Dovecot server %s username field", cmd); + vstring_strcpy(reply, "Authentication backend error"); + return XSASL_AUTH_FAIL; + } return XSASL_AUTH_DONE; } } else if (strcmp(cmd, "CONT") == 0) { if (xsasl_dovecot_parse_reply(server, &line) == 0) { + if (line == 0) { + msg_warn("missing Dovecot server %s reply field", cmd); + vstring_strcpy(reply, "Authentication backend error"); + return XSASL_AUTH_FAIL; + } vstring_strcpy(reply, line); return XSASL_AUTH_MORE; }
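Review bot: in the debian/changelog hunk, the 3.1.14 "Bitrot" entry names the file as tlsproxy/tlsproxxy.c, but the source file this debdiff actually touches is src/tlsproxy/tlsproxy.c. The same misspelling is in the upstream HISTORY hunk, so it was copied verbatim; the Debian changelog entry can still be corrected locally.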
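Review bot: the new tls_fast_shutdown_enable paragraph in the proto/postconf.proto hunk spells "shuting". Since postconf.5, postconf.5.html and the per-daemon parameter summaries in smtp.8, smtpd.8, tlsproxy.8 (and the matching comment blocks in smtp.c, smtpd.c and tlsproxy.c) all carry the same sentence, fix it at this source and regenerate rather than patching each copy; the RELEASE_NOTES hunk already has the correct "shutting".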
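Review bot: the comment added in the tls_session.c hunk at @@ -90,6 +94,18 @@ tells the reader to specify 'tls_fast_shutdown = no', but the parameter registered in the mail_params.h hunk is VAR_TLS_FAST_SHUTDOWN "tls_fast_shutdown_enable", and the 3.1.14 changelog entry says the code was changed to match the documented name. The comment still carries the old name; change it to 'tls_fast_shutdown_enable = no' so it agrees with RELEASE_NOTES.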
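Review bot: in the smtpd.c hunk at @@ -3455,7 +3466,10 @@, printable_except() keeps CR and LF only when the cleanup reply already matches IS_SMTP_REJECT (a 4xx/5xx status with a valid separator), so a reply that does not look like an SMTP status is still fully censored; that is the right scope for the Milter multiline fix. What to confirm is that whatever later writes `why` to the client treats the embedded "\r\n" as continuation-line boundaries, since this is the one place where a Milter-supplied string now reaches the reply path with line terminators intact. A one-line comment next to the printable_except() call saying why CR/LF are preserved would also help.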
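Review bot: the reset loop added in the smtpd.c hunk at @@ -5314,6 +5314,15 @@ runs before the "Log total numbers" block that follows it; confirm that block reads only the session-level counters and not cmdp->success_count / cmdp->total_count, otherwise the totals would be logged as zero after this move. If it is the session counters, a short comment saying so would spare the next reader the same check. Together with the removal in hunk @@ -4916,15 +4925,6 @@ this is what makes the counts reset after a failed HaProxy handshake, as the changelog says.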
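Review bot: in the tlsproxy.c hunk at @@ -501,9 +506,8 @@, ssl_stat is now assigned only when SSL_in_init() returns false. If ssl_stat is read anywhere after this block (the removed "XXX Wait for return value 1 if sessions are to be reused?" comment suggests its value once mattered), it is stale or uninitialized on the in-handshake path; either initialize it before the condition or note that nothing downstream reads it.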
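Review bot: in the printable.c hunk at @@ -57,7 +83,7 @@, the strchr(except, ch) test is only reached for ASCII ch, and ch is never 0 inside the `while ((ch = *cp) != 0)` loop, so the usual strchr(s, '\0') pitfall (a NUL matching the terminator of the allow-list) cannot make a NUL pass through. That is the first thing a reviewer checks with strchr-based allow-lists, so a one-line comment stating it would be useful; the `except &&` guard also keeps the old printable() path (NULL except) from dereferencing anything.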
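Review bot: in the vstream_tweak.c hunk, the two consecutive identical `if (mss < INT_MAX / 2) mss *= 2;` blocks read like an accidental paste; a short comment ("double twice: 4x the reported MSS") or a single `if (mss < INT_MAX / 4) mss *= 4;` would make the intent obvious. Separately, the new comment quotes an MSS of 21845 against an MTU of 65536, while the changelog entry for the same change quotes 32741 against 65495; both are upstream examples, but one consistent pair would avoid confusion.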