Prereq: "2.8.0" diff -cr --new-file /var/tmp/postfix-2.8.0/src/global/mail_version.h ./src/global/mail_version.h *** /var/tmp/postfix-2.8.0/src/global/mail_version.h Thu Jan 20 20:10:41 2011 --- ./src/global/mail_version.h Mon Feb 7 14:07:02 2011 *************** *** 20,27 **** * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ ! #define MAIL_RELEASE_DATE "20110120" ! #define MAIL_VERSION_NUMBER "2.8.0" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE --- 20,27 ---- * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ ! #define MAIL_RELEASE_DATE "20110207" ! #define MAIL_VERSION_NUMBER "2.8.1-RC1" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -cr --new-file /var/tmp/postfix-2.8.0/HISTORY ./HISTORY *** /var/tmp/postfix-2.8.0/HISTORY Tue Jan 18 18:21:44 2011 --- ./HISTORY Mon Feb 7 13:38:36 2011 *************** *** 16514,16516 **** --- 16514,16521 ---- Bugfix: support for the "dunno" command somehow disappeared from the postscreen_access_list implementation. File: postscreen/postscreen_access.c. + + 20110207 + + Bugfix (introduced Postfix 2.8): segfault with smtpd_tls_loglevel + >= 3. Files: tls/tls_server.c, tls.h, smtpd.c, tlsproxy.c. diff -cr --new-file /var/tmp/postfix-2.8.0/README_FILES/POSTSCREEN_README ./README_FILES/POSTSCREEN_README *** /var/tmp/postfix-2.8.0/README_FILES/POSTSCREEN_README Tue Jan 18 09:16:19 2011 --- ./README_FILES/POSTSCREEN_README Sat Jan 22 08:51:57 2011 *************** *** 505,511 **** 3. Uncomment the new "smtpd pass ... smtpd" service in master.cf, and duplicate any "-o parameter=value" entries from the smtpd service that was ! commented out in step 1. /etc/postfix/master.cf: smtpd pass - - n - - smtpd --- 505,511 ---- 3. Uncomment the new "smtpd pass ... 
smtpd" service in master.cf, and duplicate any "-o parameter=value" entries from the smtpd service that was ! commented out in the previous step. /etc/postfix/master.cf: smtpd pass - - n - - smtpd diff -cr --new-file /var/tmp/postfix-2.8.0/html/POSTSCREEN_README.html ./html/POSTSCREEN_README.html *** /var/tmp/postfix-2.8.0/html/POSTSCREEN_README.html Tue Jan 18 09:16:19 2011 --- ./html/POSTSCREEN_README.html Sat Jan 22 08:51:56 2011 *************** *** 701,707 ****
Uncomment the new "smtpd pass ... smtpd" service in master.cf, and duplicate any "-o parameter=value" entries ! from the smtpd service that was commented out in step 1.
/etc/postfix/master.cf: --- 701,708 ----
Uncomment the new "smtpd pass ... smtpd" service in master.cf, and duplicate any "-o parameter=value" entries ! from the smtpd service that was commented out in the previous step. !
/etc/postfix/master.cf: diff -cr --new-file /var/tmp/postfix-2.8.0/html/postscreen.8.html ./html/postscreen.8.html *** /var/tmp/postfix-2.8.0/html/postscreen.8.html Mon Jan 17 19:40:55 2011 --- ./html/postscreen.8.html Fri Feb 4 13:29:09 2011 *************** *** 61,67 **** RFC 1985 (ETRN command) RFC 2034 (SMTP Enhanced Status Codes) RFC 2821 (SMTP protocol) ! RFC 2920 (SMTP Pipelining) RFC 3207 (STARTTLS command) RFC 3461 (SMTP DSN Extension) RFC 3463 (Enhanced Status Codes) --- 61,67 ---- RFC 1985 (ETRN command) RFC 2034 (SMTP Enhanced Status Codes) RFC 2821 (SMTP protocol) ! Not: RFC 2920 (SMTP Pipelining) RFC 3207 (STARTTLS command) RFC 3461 (SMTP DSN Extension) RFC 3463 (Enhanced Status Codes) diff -cr --new-file /var/tmp/postfix-2.8.0/man/man8/postscreen.8 ./man/man8/postscreen.8 *** /var/tmp/postfix-2.8.0/man/man8/postscreen.8 Mon Jan 17 19:40:54 2011 --- ./man/man8/postscreen.8 Fri Feb 4 13:29:09 2011 *************** *** 64,70 **** RFC 1985 (ETRN command) RFC 2034 (SMTP Enhanced Status Codes) RFC 2821 (SMTP protocol) ! RFC 2920 (SMTP Pipelining) RFC 3207 (STARTTLS command) RFC 3461 (SMTP DSN Extension) RFC 3463 (Enhanced Status Codes) --- 64,70 ---- RFC 1985 (ETRN command) RFC 2034 (SMTP Enhanced Status Codes) RFC 2821 (SMTP protocol) ! Not: RFC 2920 (SMTP Pipelining) RFC 3207 (STARTTLS command) RFC 3461 (SMTP DSN Extension) RFC 3463 (Enhanced Status Codes) diff -cr --new-file /var/tmp/postfix-2.8.0/proto/POSTSCREEN_README.html ./proto/POSTSCREEN_README.html *** /var/tmp/postfix-2.8.0/proto/POSTSCREEN_README.html Tue Jan 18 09:16:07 2011 --- ./proto/POSTSCREEN_README.html Sat Jan 22 08:51:55 2011 *************** *** 701,707 ****
Uncomment the new "smtpd pass ... smtpd" service in master.cf, and duplicate any "-o parameter=value" entries ! from the smtpd service that was commented out in step 1.
/etc/postfix/master.cf: --- 701,708 ----
Uncomment the new "smtpd pass ... smtpd" service in master.cf, and duplicate any "-o parameter=value" entries ! from the smtpd service that was commented out in the previous step. !
/etc/postfix/master.cf: diff -cr --new-file /var/tmp/postfix-2.8.0/src/postscreen/postscreen.c ./src/postscreen/postscreen.c *** /var/tmp/postfix-2.8.0/src/postscreen/postscreen.c Thu Jan 20 13:54:49 2011 --- ./src/postscreen/postscreen.c Fri Feb 4 13:28:57 2011 *************** *** 54,60 **** /* RFC 1985 (ETRN command) /* RFC 2034 (SMTP Enhanced Status Codes) /* RFC 2821 (SMTP protocol) ! /* RFC 2920 (SMTP Pipelining) /* RFC 3207 (STARTTLS command) /* RFC 3461 (SMTP DSN Extension) /* RFC 3463 (Enhanced Status Codes) --- 54,60 ---- /* RFC 1985 (ETRN command) /* RFC 2034 (SMTP Enhanced Status Codes) /* RFC 2821 (SMTP protocol) ! /* Not: RFC 2920 (SMTP Pipelining) /* RFC 3207 (STARTTLS command) /* RFC 3461 (SMTP DSN Extension) /* RFC 3463 (Enhanced Status Codes) diff -cr --new-file /var/tmp/postfix-2.8.0/src/smtpd/smtpd.c ./src/smtpd/smtpd.c *** /var/tmp/postfix-2.8.0/src/smtpd/smtpd.c Sat Jan 15 18:18:14 2011 --- ./src/smtpd/smtpd.c Mon Feb 7 13:34:41 2011 *************** *** 4028,4033 **** --- 4028,4034 ---- TLS_SERVER_START(&props, ctx = smtpd_tls_ctx, stream = state->client, + fd = -1, log_level = var_smtpd_tls_loglevel, timeout = var_smtpd_starttls_tmout, requirecert = requirecert, diff -cr --new-file /var/tmp/postfix-2.8.0/src/tls/tls.h ./src/tls/tls.h *** /var/tmp/postfix-2.8.0/src/tls/tls.h Tue Dec 28 19:24:31 2010 --- ./src/tls/tls.h Mon Feb 7 10:25:04 2011 *************** *** 268,273 **** --- 268,274 ---- typedef struct { TLS_APPL_STATE *ctx; /* TLS application context */ VSTREAM *stream; /* Client stream */ + int fd; /* Event-driven file descriptor */ int log_level; /* TLS log level */ int timeout; /* TLS handshake timeout */ int requirecert; /* Insist on client cert? */ *************** *** 293,302 **** ((props)->a12), ((props)->a13), ((props)->a14), ((props)->a15), \ ((props)->a16), ((props)->a17), ((props)->a18), ((props)->a19), (props))) ! 
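Review bot: The `fd = -1` added at this smtpd.c call site, and the new `int fd` member in the tls.h hunk that follows, leave the stream/fd precedence undocumented: neither place says that fd is consulted only when stream is null. I would annotate the call as `fd = -1, /* unused, stream is set */`, in line with the `/* unused */` markers tlsproxy.c already puts on its stream and timeout arguments. The member comment could be widened to `/* Event-driven file descriptor, used when stream is null */`. The TLS_SERVER_START call continues outside the hunk.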
#define TLS_SERVER_START(props, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10) \ tls_server_start((((props)->a1), ((props)->a2), ((props)->a3), \ ((props)->a4), ((props)->a5), ((props)->a6), ((props)->a7), \ ! ((props)->a8), ((props)->a9), ((props)->a10), (props))) /* * tls_session.c --- 294,303 ---- ((props)->a12), ((props)->a13), ((props)->a14), ((props)->a15), \ ((props)->a16), ((props)->a17), ((props)->a18), ((props)->a19), (props))) ! #define TLS_SERVER_START(props, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11) \ tls_server_start((((props)->a1), ((props)->a2), ((props)->a3), \ ((props)->a4), ((props)->a5), ((props)->a6), ((props)->a7), \ ! ((props)->a8), ((props)->a9), ((props)->a10), ((props)->a11), (props))) /* * tls_session.c diff -cr --new-file /var/tmp/postfix-2.8.0/src/tls/tls_server.c ./src/tls/tls_server.c *** /var/tmp/postfix-2.8.0/src/tls/tls_server.c Fri Dec 31 19:01:44 2010 --- ./src/tls/tls_server.c Mon Feb 7 10:38:33 2011 *************** *** 89,95 **** /* SSL_accept(), SSL_read(), SSL_write() and SSL_shutdown(). /* /* To maintain control over TLS I/O, an event-driven server ! /* invokes tls_server_start() with a null VSTREAM argument. /* Then, tls_server_start() performs all the necessary /* preparations before the TLS handshake and returns a partially /* populated TLS context. The event-driven application is then --- 89,96 ---- /* SSL_accept(), SSL_read(), SSL_write() and SSL_shutdown(). /* /* To maintain control over TLS I/O, an event-driven server ! /* invokes tls_server_start() with a null VSTREAM argument and ! /* with an fd argument that specifies the I/O file descriptor. /* Then, tls_server_start() performs all the necessary /* preparations before the TLS handshake and returns a partially /* populated TLS context. The event-driven application is then *************** *** 658,663 **** --- 659,676 ---- SSL_set_accept_state(TLScontext->con); /* + * Connect the SSL connection with the network socket. 
+ */ + if (SSL_set_fd(TLScontext->con, props->stream == 0 ? props->fd : + vstream_fileno(props->stream)) != 1) { + msg_info("SSL_set_fd error to %s", props->namaddr); + tls_print_errors(); + uncache_session(app_ctx->ssl_ctx, TLScontext); + tls_free_context(TLScontext); + return (0); + } + + /* * If the debug level selected is high enough, all of the data is dumped: * 3 will dump the SSL negotiation, 4 will dump everything. * *************** *** 676,692 **** return (TLScontext); /* - * Connect the SSL connection with the network socket. - */ - if (SSL_set_fd(TLScontext->con, vstream_fileno(props->stream)) != 1) { - msg_info("SSL_set_fd error to %s", props->namaddr); - tls_print_errors(); - uncache_session(app_ctx->ssl_ctx, TLScontext); - tls_free_context(TLScontext); - return (0); - } - - /* * Turn on non-blocking I/O so that we can enforce timeouts on network * I/O. */ --- 689,694 ---- diff -cr --new-file /var/tmp/postfix-2.8.0/src/tlsproxy/tlsproxy.c ./src/tlsproxy/tlsproxy.c *** /var/tmp/postfix-2.8.0/src/tlsproxy/tlsproxy.c Mon Jan 17 10:43:31 2011 --- ./src/tlsproxy/tlsproxy.c Mon Feb 7 10:32:28 2011 *************** *** 687,692 **** --- 687,693 ---- TLS_SERVER_START(&props, ctx = tlsp_server_ctx, stream = (VSTREAM *) 0,/* unused */ + fd = state->ciphertext_fd, log_level = var_tlsp_tls_loglevel, timeout = 0, /* unused */ requirecert = (var_tlsp_tls_req_ccert *************** *** 703,720 **** } /* - * This program will do the ciphertext I/O, not libtls. In the future, - * the above event-driven engine may be factored out as a libtls library - * module. - */ - if (SSL_set_fd(state->tls_context->con, state->ciphertext_fd) != 1) { - msg_info("SSL_set_fd error to %s", state->remote_endpt); - tls_print_errors(); - tlsp_state_free(state); - return; - } - - /* * XXX Do we care about TLS session rate limits? 
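Review bot: When props->stream is null, the relocated SSL_set_fd() call in tls_server.c takes props->fd as given, with no check that it is a usable descriptor. smtpd.c passes `fd = -1` to mean unused, and as far as I know SSL_set_fd() does not reject a negative descriptor, so a caller that supplies neither a stream nor an fd would fail later in handshake I/O rather than here. A guard ahead of the call, such as `if (props->stream == 0 && props->fd < 0) msg_panic("tls_server_start: no stream and no file descriptor");`, would make that caller error explicit. The block comment could also say that this call has to stay ahead of the log-level block that follows, which is presumably what the loglevel >= 3 segfault in the HISTORY entry depended on; the function body starts and ends outside the hunk.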
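Review bot: With `fd = state->ciphertext_fd` handed to tls_server_start() in tlsproxy.c, an SSL_set_fd() failure is no longer handled in this function; it now surfaces as a null return from tls_server_start(). The block removed in the next hunk was what called tlsp_state_free(state) and logged state->remote_endpt. The branch that handles the null return is outside the hunk, so it is worth confirming that it releases state the same way. A short comment at the call, for example `/* tls_server_start() binds ciphertext_fd; a null return covers SSL_set_fd failure */`, would record where that error path went.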
Good postscreen(8) * clients will occasionally require the tlsproxy to renew their * whitelist status, but bad clients hammering the server can suck up --- 704,709 ----