diff options
| author | Olli Hauer <ohauer@FreeBSD.org> | 2019-03-31 13:08:05 +0000 |
|---|---|---|
| committer | Olli Hauer <ohauer@FreeBSD.org> | 2019-03-31 13:08:05 +0000 |
| commit | c305034bca86f03aba22e1fa20031d699156bb27 (patch) | |
| tree | 0411e83a1c1a861966f5c85936b656ec35072bf4 /mail/postfix/files/patch-src_tls_tls__server.c | |
| parent | Spell FTP properly (uppercased) when it does not refer to a command name. (diff) | |
- update to postfix-3.3.4
Changelog:
20190312
Bugfix (introduced: Postfix 2.2): reject_multi_recipient_bounce
has been producing false rejects starting with the Postfix
2.2 smtpd_end_of_data_restrictons, and for the same reasons,
did the same with the Postfix 3.4 BDAT command. The latter
was reported by Andreas Schulze. File: smtpd/smtpd_check.c.
20190328
Bugfix (introduced: Postfix 3.0): LMTP connections over
UNIX-domain sockets were cached but not reused, due to a
cache lookup key mismatch. Therefore, idle cached connections
could exhaust LMTP server resources, resulting in two-second
pauses between email deliveries. This problem was investigated
by Juliana Rodrigueiro. File: smtp/smtp_connect.c.
Diffstat (limited to 'mail/postfix/files/patch-src_tls_tls__server.c')
| -rw-r--r-- | mail/postfix/files/patch-src_tls_tls__server.c | 46 |
1 files changed, 10 insertions, 36 deletions
diff --git a/mail/postfix/files/patch-src_tls_tls__server.c b/mail/postfix/files/patch-src_tls_tls__server.c index e6cd6188f0fb..165b6746f31a 100644 --- a/mail/postfix/files/patch-src_tls_tls__server.c +++ b/mail/postfix/files/patch-src_tls_tls__server.c @@ -1,38 +1,12 @@ --- src/tls/tls_server.c.orig 2018-11-17 22:33:15 UTC +++ src/tls/tls_server.c -@@ -174,7 +174,7 @@ static const char server_session_id_cont - #endif /* OPENSSL_VERSION_NUMBER */ - - /* OpenSSL 1.1.0 bitrot */ --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - typedef const unsigned char *session_id_t; - - #else -@@ -377,7 +377,7 @@ TLS_APPL_STATE *tls_server_init(const TL - */ - tls_check_version(); - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - - /* - * Initialize the OpenSSL library by the book! To start with, we must -@@ -486,7 +486,7 @@ TLS_APPL_STATE *tls_server_init(const TL - * OpenSSL 0.9.8h, while SSL_NO_TICKET was added in 0.9.8f. - */ - #ifdef SSL_OP_NO_TICKET --#if !defined(OPENSSL_NO_TLSEXT) && OPENSSL_VERSION_NUMBER >= 0x0090808fL -+#if !defined(OPENSSL_NO_TLSEXT) && OPENSSL_VERSION_NUMBER >= 0x0090808fL && !defined(LIBRESSL_VERSION_NUMBER) - ticketable = (*var_tls_tkt_cipher && scache_timeout > 0 - && !(off & SSL_OP_NO_TICKET)); - if (ticketable) { -@@ -595,7 +595,7 @@ TLS_APPL_STATE *tls_server_init(const TL - /* - * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev - */ --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - - /* - * According to OpenSSL documentation, a temporary RSA key is needed when +@@ -517,7 +517,9 @@ TLS_APPL_STATE *tls_server_init(const TL + * ticket decryption callback already (since 2.11) asks OpenSSL to + * avoid issuing new tickets when the presented ticket is re-usable. + */ ++#ifndef LIBRESSL_VERSION_NUMBER + SSL_CTX_set_num_tickets(server_ctx, 1); ++#endif + } + #endif + if (!ticketable) |