From c305034bca86f03aba22e1fa20031d699156bb27 Mon Sep 17 00:00:00 2001 From: Olli Hauer Date: Sun, 31 Mar 2019 13:08:05 +0000 Subject: - update to postfix-3.3.4 Changelog: 20190312 Bugfix (introduced: Postfix 2.2): reject_multi_recipient_bounce has been producing false rejects starting with the Postfix 2.2 smtpd_end_of_data_restrictons, and for the same reasons, did the same with the Postfix 3.4 BDAT command. The latter was reported by Andreas Schulze. File: smtpd/smtpd_check.c. 20190328 Bugfix (introduced: Postfix 3.0): LMTP connections over UNIX-domain sockets were cached but not reused, due to a cache lookup key mismatch. Therefore, idle cached connections could exhaust LMTP server resources, resulting in two-second pauses between email deliveries. This problem was investigated by Juliana Rodrigueiro. File: smtp/smtp_connect.c. --- mail/postfix/files/patch-src_tls_tls__server.c | 46 ++++++-------------------- 1 file changed, 10 insertions(+), 36 deletions(-) (limited to 'mail/postfix/files/patch-src_tls_tls__server.c') diff --git a/mail/postfix/files/patch-src_tls_tls__server.c b/mail/postfix/files/patch-src_tls_tls__server.c index e6cd6188f0fb..165b6746f31a 100644 --- a/mail/postfix/files/patch-src_tls_tls__server.c +++ b/mail/postfix/files/patch-src_tls_tls__server.c @@ -1,38 +1,12 @@ --- src/tls/tls_server.c.orig 2018-11-17 22:33:15 UTC +++ src/tls/tls_server.c -@@ -174,7 +174,7 @@ static const char server_session_id_cont - #endif /* OPENSSL_VERSION_NUMBER */ - - /* OpenSSL 1.1.0 bitrot */ --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - typedef const unsigned char *session_id_t; - - #else -@@ -377,7 +377,7 @@ TLS_APPL_STATE *tls_server_init(const TL - */ - tls_check_version(); - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - - /* - * Initialize the OpenSSL library by the book! To start with, we must -@@ -486,7 +486,7 @@ TLS_APPL_STATE *tls_server_init(const TL - * OpenSSL 0.9.8h, while SSL_NO_TICKET was added in 0.9.8f. - */ - #ifdef SSL_OP_NO_TICKET --#if !defined(OPENSSL_NO_TLSEXT) && OPENSSL_VERSION_NUMBER >= 0x0090808fL -+#if !defined(OPENSSL_NO_TLSEXT) && OPENSSL_VERSION_NUMBER >= 0x0090808fL && !defined(LIBRESSL_VERSION_NUMBER) - ticketable = (*var_tls_tkt_cipher && scache_timeout > 0 - && !(off & SSL_OP_NO_TICKET)); - if (ticketable) { -@@ -595,7 +595,7 @@ TLS_APPL_STATE *tls_server_init(const TL - /* - * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev - */ --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - - /* - * According to OpenSSL documentation, a temporary RSA key is needed when +@@ -517,7 +517,9 @@ TLS_APPL_STATE *tls_server_init(const TL + * ticket decryption callback already (since 2.11) asks OpenSSL to + * avoid issuing new tickets when the presented ticket is re-usable. + */ ++#ifndef LIBRESSL_VERSION_NUMBER + SSL_CTX_set_num_tickets(server_ctx, 1); ++#endif + } + #endif + if (!ticketable) -- cgit v1.2.3