|
|
|
|
Changelog for postfix-doc-3.9.0-5.1.noarch.rpm :
* Tue Jun 18 2024 chrisAATTcomputersalat.de- fix for Invalid cross-device link * failed to create hard link \'etc/localtime\' => \'/usr/share/zoneinfo/Etc/UTC\' * Tue Jun 11 2024 Adam Majer - Set built-in path values to suse values (bsc#1215689) * Mon May 20 2024 chrisAATTcomputersalat.de- Update update_chroot.systemd * Add missing checks for DKIM (openDKIM)- keep spec and changes files in sync * Fri May 17 2024 Peter Varkoly - config.postfix needs updating (bsc#1224207) * chkconfig -> systemctl * Link Cyrus lmtp only if this exsists * /usr/lib64/sasl2 does not need to exist * Fetch timezone via readlink from /etc/localtime * Fri Apr 05 2024 Georg Pfuetzenreuter - Move qshape(1) out of -doc, install it as a binary with the main package * Thu Mar 07 2024 Arjen de Korte - update to 3.9.0 * As described in DEPRECATION_README, the SMTP server features \"permit_naked_ip_address\", \"check_relay_domains\", and \"reject_maps_rbl\" have been removed, after they have been logging a warning for some 20 years. These features now log a warning and return a \"server configuration error\" response. * The MySQL client no longer supports MySQL versions < 4.0. MySQL version 4.0 was released in 2003. * As covered in DEPRECATION_README, the configuration parameter \"disable_dns_lookup\" and about a dozen TLS-related parameters are now officially obsolete. These parameters still work, but the postconf command logs warnings that they will be removed from Postfix. * As covered in DEPRECATION_README, \"permit_mx_backup\" logs a warning that it will be removed from Postfix. * In message headers, Postfix now formats numerical days as two-digit days, i.e. days 1-9 have a leading zero instead of a leading space. This change was made because the RFC 5322 date and time specification recommends (i.e. SHOULD) that a single space be used in each place that folding white space appears. This change avoids a breaking change in the length of a date string. * The MySQL client default characterset is now configurable with the \"charset\" configuration file attribute. The default is \"utf8mb4\", consistent with the MySQL 8.0 built-in default, but different from earlier MySQL versions where the built-in default was \"latin1\". * Support to query MongoDB databases, contributed by Hamid Maadani, based on earlier code by Stephan Ferraro. See MONGODB_README and mongodb_table(5) * The RFC 3461 envelope ID is now exported in the local(8) delivery agent with the ENVID environment variable, and in the pipe(8) delivery agent with the ${envid} command-line attribute. * Configurable idle and retry timer settings in the mysql: and pgsql: clients. A shorter than default retry timer can sped up the recovery after error, when Postfix is configured with only one server in the \"hosts\" attribute. After the code was frozen for release, we have learned that Postfix can recover faster from some errors when the single server is specified multiple times in the \"hosts\" attribute. * Optional Postfix TLS support to request an RFC7250 raw public key instead of an X.509 public-key certificate. The configuration settings for raw key public support will be ignored when there is no raw public key support in the local TLS implementation (i.e. Postfix with OpenSSL versions before 3.2). See RELEASE_NOTES for more information. * Preliminary support for OpenSSL configuration files, primarily OpenSSL 1.1.1b and later. This introduces two new parameters \"tls_config_file\" and \"tls_config_name\", which can be used to limit collateral damage from OS distributions that crank up security to 11, increasing the number of plaintext email deliveries. Details are in the postconf(5) manpage under \"tls_config_file\" and \"tls_config_name\". * With \"smtpd_forbid_unauth_pipelining = yes\" (the default), Postfix defends against multiple \"blind\" SMTP attacks. This feature was back-ported to older stable releases but disabled by default. * With \"smtpd_forbid_bare_newline = normalize\" (the default) Postfix defends against SMTP smuggling attacks. See RELEASE_NOTES for details. This feature was back-ported to older stable releases but disabled by default. * Prevent outbound SMTP smuggling, where an attacker uses Postfix to send email containing a non-standard End-of-DATA sequence, to exploit inbound SMTP smuggling at a vulnerable remote SMTP server. With \"cleanup_replace_stray_cr_lf = yes\" (the default), the cleanup daemon replaces each stray or character in message content with a space character. This feature was back-ported to older stable releases with identical functionality. * The Postfix DNS client now limits the total size of DNS lookup results to 100 records; it drops the excess records, and logs a warning. This limit is 20x larger than the number of server addresses that the Postfix SMTP client is willing to consider when delivering mail, and is far below the number of records that could cause a tail recursion crash in dns_rr_append() as reported by Toshifumi Sakaguchi. This also introduces a similar limit on the number of DNS requests that a check_ *_ *_access restriction can make. All this was back-ported to older stable releases with identical functionality.- refreshed patch: % postfix-no-md5.patch- change obsoleted \"disable_dns_lookups\" to \"smtp_dns_support_level\" % postfix-SUSE.tar.gz % postfix-main.cf.patch % postfix-master.cf.patch * Tue Mar 05 2024 Arjen de Korte - update to 3.8.6 * Bugfix (defect introduced: Postfix 2.3, date 20051222): the Dovecot auth client did not reset the \'reason\' from a previous Dovecot auth service response, before parsing the next Dovecot auth server response in the same SMTP session, resulting in a nonsensical \"authentication failed\" warning message. Reported by Stephan Bosch. * Bugfix (defect introduced: Postfix 3.1, date: 20151128): \"postqueue -j\" produced broken JSON when escaping a control character as \\uXXXX. Found during code maintenance. * Cleanup: this fixes posttls-finger certificate match expectations for all TLS security levels, including warnings for levels that don\'t implement certificate matching. By Viktor Dukhovni. * Bugfix (defect introduced: Postfix 2.3): after prepending a header at the top of a message (with an access(5), header_checks(5) or Milter action), the Postfix Milter \"delete header\" or \"update header\" action was skipping the prepended header, instead of skipping the Postfix-generated Received: header. Problem report by Carlos Velasco. * Workaround: tlsmgr logfile spam. Reportedly, some OS lies under load: it says that a socket is readable, then it says that the socket has unread data, and then it says that read returns EOF, causing Postfix to spam the log with a warning message. * Bugfix (defect introduced: Postfix 3.4): the SMTP server\'s BDAT command handler could be tricked to read $message_size_limit bytes into memory. Found during code maintenance. * Safety: limit the total size of DNS lookup results to 100 records; drop the excess records, and log a warning. This limit is 20x larger than the number of server addresses that the Postfix SMTP client is willing to consider when delivering mail, and is far below the number of records that could cause a tail recursion crash in dns_rr_append() as reported by Toshifumi Sakaguchi. This fix also limits the number of DNS requests that a check_ *_ *_access restriction can make. * Performance, related to the previous problem: eliminate worst-case behavior where the queue manager could defer delivery to all destinations over a specific delivery transport, after only a single delivery agent crash. The scheduler now throttles deliveries to one destination, and allows other deliveries to keep making progress.- change to functioning mirror (http://cdn.postfix.johnriley.me/ has been dead for a while although it is still listed upstream)- make output of %setup less verbose by restoring -q option * Tue Mar 05 2024 Peter Varkoly - %autosetup does not works with multiple -a. https://github.com/rpm-software-management/rpm/issues/1204 * Thu Feb 29 2024 Dominique Leuenberger - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN. * Tue Jan 23 2024 Arjen de Korte - update to 3.8.5 * Security: this release improves support to defend against an email spoofing attack (SMTP smuggling) on recipients at a Postfix server. For background, see https://www.postfix.org/smtp-smuggling.html. * Sat Jan 06 2024 chrisAATTcomputersalat.de- rework fix for bsc#1192173: keep myhostname and mydestination patched, but with upstream default to have them in correct place when updated via config.postfix- rework SMTP Smuggling defaults * yes is now alias of \'normalize\' smtpd_forbid_bare_newline = normalize * another new option is \'reject\' wich should be used in connection with smtpd_forbid_bare_newline_reject_code = 521- rework patches * postfix-bdb-main.cf.patch * postfix-main.cf.patch- rebase patches * postfix-linux45.patch * postfix-ssl-release-buffers.patch * postfix-vda-v14-3.0.3.patch * set-default-db-type.patch- sync changes files * add missing entries in postfix-bdb.changes * Thu Dec 28 2023 Dirk Müller - update default configuration to enable the long-term fix for bsc#1218304, bsc#1218314 CVE-2023-51764, SMTP smuggling attack: * smtpd_forbid_bare_newline = yes * smtpd_forbid_bare_newline_exclusions = $mynetworks * Fri Dec 22 2023 Arjen de Korte - update to 3.8.4 (bsc#1218304, CVE-2023-51764): * Security: this release adds support to defend against an email spoofing attack (SMTP smuggling) on recipients at a Postfix server. For background, see https://www.postfix.org/smtp-smuggling.html * Fri Nov 03 2023 Arjen de Korte - update to 3.8.3 * Bugfix (defect introduced Postfix 2.5, date 20080104): the Postfix SMTP server was waiting for a client command instead of replying immediately, after a client certificate verification error in TLS wrappermode. Reported by Andreas Kinzler. * Usability: the Postfix SMTP server (finally) attempts to log the SASL username after authentication failure. In Postfix logging, this appends \", sasl_username=xxx\" after the reason for SASL authentication failure. The logging replaces an unavailable reason with \"(reason unavailable)\", and replaces an unavailable sasl_username with \"(unavailable)\". Based on code by Jozsef Kadlecsik. * Compatibility bugfix (defect introduced: Postfix 2.11, date 20130405): in forward_path, the expression ${recipient_delimiter} would expand to an empty string when a recipient address had no recipient delimiter. The compatibility fix is to use a configured recipient delimiter value instead. Reported by Tod A. Sandman. * Mon Oct 23 2023 Peter Varkoly - Syntax error in update_postmaps script (bsc#1216061) * Mon Sep 18 2023 Peter Varkoly - postfix: config.postfix causes too tight permission on main.cf (bsc#1215372) * Tue Aug 15 2023 Peter Varkoly - CVE-2023-32182: postfix: config_postfix SUSE specific script potentially bad /tmp file usage (bsc#1211196) Use temp file created by mktemp * Tue Jun 06 2023 Arjen de Korte - update to 3.8.1 * Optional: harden a Postfix SMTP server against remote SMTP clients that violate RFC 2920 (or 5321) command pipelining constraints. With \"smtpd_forbid_unauth_pipelining = yes\", the server disconnects a client immediately, after responding with \"554 5.5.0 Error: SMTP protocol synchronization\" and after logging \"improper command pipelining\" with the unexpected remote SMTP client input. This feature is disabled by default in Postfix 3.5-3.8 to avoid breaking home-grown utilities, but it is enabled by default in Postfix 3.9. A similar feature is enabled by default in the Exim SMTP server. * Optional: some OS distributions crank up TLS security to 11, and in doing so increase the number of plaintext email deliveries. This introduces basic OpenSSL configuration file support that may be used to override OS-level settings. Details are in the postconf(5) manpage under tls_config_file and tls_config_name. * Bugfix (defect introduced: Postfix 1.0): the command \"postconf .. name=v1 .. name=v2 ..\" (multiple instances of the same parameter name) created multiple main.cf name=value entries with the same parameter name. It now logs a warning and skips the earlier name(s) and value(s). Found during code maintenance. * Bugfix (defect introduced: Postfix 3.3): the command \"postconf - M name1/type1=\'name2 type2 ...\'\" died with a segmentation violation when the request matched multiple master.cf entries. The master.cf file was not damaged. Problem reported by SATOH Fumiyasu. * Bugfix (defect introduced: Postfix 2.11): the command \"postconf - M name1/type1=\'name2 type2 ...\'\" could add a service definition to master.cf that conflicted with an already existing service definition. It now replaces all existing service definitions that match the service pattern \'name1/type1\' or the service name and type in \'name2 type2 ...\' with a single service definition \'name2 type2 ...\'. Problem reported by SATOH Fumiyasu. * Bugfix (defect introduced: Postfix 3.8) the posttls-finger command could access uninitialized memory when reconnecting. This also fixes a malformed warning message when a destination contains \":service\" information. Reported by Thomas Korbar. * Bugfix (defect introduced: Postfix 3.2): the MySQL client could return \"not found\" instead of \"error\" (for example, resulting in a 5XX SMTP status instead of 4XX) during the time that all MySQL server connections were turned down after error. Found during code maintenance. File: global/dict_mysql.c. This was already fixed in Postfix 3.4-3.7. * Thu May 04 2023 Dominique Leuenberger - Add _multibuild to define 2nd spec file as additional flavor. Eliminates the need for source package links in OBS. * Tue Apr 18 2023 Arjen de Korte - update to 3.8.0 * Support to look up DNS SRV records in the Postfix SMTP/LMTP client, Based on code by Tomas Korbar (Red Hat). For example, with \"use_srv_lookup = submission\" and \"relayhost = example.com:submission\", the Postfix SMTP client will look up DNS SRV records for _submission._tcp.example.com, and will relay email through the hosts and ports that are specified with those records. * TLS obsolescence: Postfix now treats the \"export\" and \"low\" cipher grade settings as \"medium\". The \"export\" and \"low\" grades are no longer supported in OpenSSL 1.1.1, the minimum version required in Postfix 3.6.0 and later. Also, Postfix default settings now exclude deprecated or unused ciphers (SEED, IDEA, 3DES, RC2, RC4, RC5), digest (MD5), key exchange algorithms (DH, ECDH), and public key algorithm (DSS). * Attack resistance: the Postfix SMTP server can now aggregate smtpd_client_ *_rate and smtpd_client_ *_count statistics by network block instead of by IP address, to raise the bar against a memory exhaustion attack in the anvil(8) server; Postfix TLS support unconditionally disables TLS renegotiation in the middle of an SMTP connection, to avoid a CPU exhaustion attack. * The PostgreSQL client encoding is now configurable with the \"encoding\" Postfix configuration file attribute. The default is \"UTF8\". Previously the encoding was hard-coded as \"LATIN1\", which is not useful in the context of SMTP. * The postconf command now warns for #comment in or after a Postfix parameter value. Postfix programs do not support #comment after other text, and treat that as input.- rebase/refresh patches * pointer_to_literals.patch * postfix-linux45.patch * postfix-master.cf.patch * postfix-ssl-release-buffers.patch * set-default-db-type.patch * Sat Feb 25 2023 Otto Hollmann - update to 3.7.4 * Workaround: with OpenSSL 3 and later always turn on SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages and missed opportunities for TLS session reuse. This is safe because the SMTP protocol implements application-level framing, and is therefore not affected by TLS truncation attacks. * Workaround: OpenSSL 3.x EVP_get_digestbyname() can return lazily-bound handles for digest implementations. In sufficiently hostile configurations, Postfix could mistakenly believe that a digest algorithm is available, and fail when it is not. A similar workaround may be needed for EVP_get_cipherbyname(). * Bugfix (bug introduced in Postfix 2.11): the checkok() macro in tls/tls_fprint.c evaluated its argument unconditionally; it should evaluate the argument only if there was no prior error. * Bugfix (bug introduced in Postfix 2.8): postscreen died with a segmentation violation when postscreen_dnsbl_threshold < 1. It should reject such input with a fatal error instead. * Bitrot: fixes for linker warnings from newer Darwin (MacOS) versions. * Portability: Linux 6 support. * Added missing documentation that cidr:, pcre: and regexp: tables support inline specification only in Postfix 3.7 and later. * Rebased postfix-linux45.patch * Thu Feb 09 2023 Peter Varkoly - SELinux: postfix denied to access /var/spool/postfix/pid/master.pid (bsc#1207177) Apply proposed changes in postfix.service- remove patch included into the source: harden_postfix.service.patch * Wed Jan 25 2023 Thorsten Kukuk - Disable NIS support on Factory (deprecated and will be removed) * Wed Jan 18 2023 Hu - Fix SELinux labeling issue caused by /usr/sbin/config.postfix (bsc#1207227). * Mon Nov 14 2022 Peter Varkoly - postfix default main.cf myhostname default causes conflict (bsc#1192173) Use the postfix build in defaults for myhostname and mydestination * Sun Oct 09 2022 Michael Ströder - update to 3.7.3 * Fixed a bug where some messages were not delivered after \"warning: Unexpected record type \'X\'. (bsc#1213515) * Workaround: in a TLS server disable Postfix\'s 1-element internal session cache, to work around an OpenSSL 3.0 regression that broke TLS handshakes. * Code health: the fix for milter_header_checks (3.7.1, 3.6.6, 3.5.16, 3.4.26) introduced a missing msg_panic() argument (in code that never executes). * Code health: Postfix 3.3.0 introduced an uninitialized verify_append() request status in case of a null original recipient address. * Postfix 3.5.0 introduced debug logging noise in map_search_create(). * Tue Sep 06 2022 Ludwig Nussel - own /var/spool/mail (boo#1179574) * Thu Aug 04 2022 chrisAATTcomputersalat.de- use correct source signature file (gpg2) * Mon Jul 11 2022 chrisAATTcomputersalat.de- update to 3.7.2 https://de.postfix.org/ftpmirror/official/postfix-3.7.2.RELEASE_NOTES- rebase patches * pointer_to_literals.patch * postfix-linux45.patch * postfix-main.cf.patch * postfix-master.cf.patch * postfix-no-md5.patch * postfix-ssl-release-buffers.patch * postfix-vda-v14-3.0.3.patch * set-default-db-type.patch- build against libpcre2 * Tue May 10 2022 chrisAATTcomputersalat.de- remove *.swp from postfix-SUSE.tar.gz * Tue May 03 2022 chrisAATTcomputersalat.de- fix config.postfix \'hash\' leftover with relay_recipients- update postfix-main.cf.patch about * smtp_tls_security_level (obsoletes smtp_use_tls, smtp_enforce_tls) * smtpd_tls_security_level (obsoletes smtpd_use_tls, smtpd_enforce_tls)- rebase/refresh patches * harden_postfix.service.patch * postfix-avoid-infinit-loop-if-no-permission.patch * postfix-master.cf.patch * postfix-vda-v14-3.0.3.patch * set-default-db-type.patch * Mon May 02 2022 Dominique Leuenberger - Change ed requires to /usr/bin/ed: allow busybox-ed to be used inside containers. * Mon Apr 25 2022 Marcus Rueckert - add missing requires for config.postfix and the postfix postinstall script: perl and ed * Mon Apr 18 2022 Michael Ströder - update to 3.6.6 * (problem introduced: Postfix 2.7) The milter_header_checks maps are now opened before the cleanup(8) server enters the chroot jail. * In an internal client module, \"host or service not found\" was a fatal error, causing the milter_default_action setting to be ignored. It is now a non-fatal error, just like a failure to connect. * The proxy_read_maps default value was missing up to 27 parameter names. The corresponding lookup tables were not automatically authorized for use with the proxymap(8) service. The parameter names were ending in _checks, _reply_footer, _reply_filter, _command_filter, and _delivery_status_filter. * (problem introduced: Postfix 3.0) With dynamic map loading enabled, an attempt to create a map with \"postmap regexp:path\" would result in a bogus error message \"Is the postfix-regexp package installed?\" instead of \"unsupported map type for this operation\". This happened with all non-dynamic map types (static, cidr, etc.) that have no \'bulk create\' support. * Mon Apr 04 2022 Peter Varkoly - config.postfix fails to set smtp_tls_security_level (bsc#1192314) * Tue Mar 29 2022 Илья Индиго - Refreshed spec-file via spec-cleaner and manual optimizated. * Added -p flag to all install commands. * Removed -f flag from all ln commands.- Changed file harden_postfix.service.patch (boo#1191988). * Fri Mar 18 2022 Michael Ströder - update to 3.6.5 * Glibc 2.34 implements closefrom(). This was causing a conflict with Postfix\'s implementation for systems that have no closefrom() implementation. * Support for Berkeley DB version 18.- removed obsolete postfix-3.6.2-glibc-234-build-fix.patch * Mon Mar 14 2022 Peter Varkoly - Postfix on start don\'t run postalias /etc/postfix/aliases (error open database /etc/postfix/aliases.lmdb). (bsc#1197041) Apply proposed patch * Wed Feb 09 2022 Peter Varkoly - config.postfix can\'t handle symlink\'d /etc/resolv.cof (bsc#1195019) Adapt proposed change: using \"cp -afL\" by copying. * Tue Jan 18 2022 Michael Ströder - Update to 3.6.4 * Bug introduced in bugfix 20210708: duplicate bounce_notice_recipient entries in postconf output. This was caused by an incomplete fix to send SMTP session transcripts to $bounce_notice_recipient. * Bug introduced in Postfix 3.0: the proxymap daemon did not automatically authorize proxied maps inside pipemap (example: pipemap:{proxy:maptype:mapname, ...}) or inside unionmap. * Bug introduced in Postfix 2.5: off-by-one error while writing a string terminator. This code passed all memory corruption tests, presumably because it wrote over an alignment padding byte, or over an adjacent character byte that was never read. * The proxymap daemon did not automatically authorize map features added after Postfix 3.3, caused by missing *_maps parameter names in the proxy_read_maps default value. Found during code maintenance. * Mon Nov 08 2021 Michael Ströder - Update to 3.6.3 * (problem introduced in Postfix 2.4, released in 2007): queue file corruption after a Milter (for example, MIMEDefang) made a request to replace the message body with a copy of that message body plus additional text (for example, a SpamAssassin report). * (problem introduced in Postfix 2.10, released in 2012): The postconf \"-x\" option could produce incorrect output, because multiple functions were implicitly sharing a buffer for intermediate results. Problem report by raf, root cause analysis by Viktor Dukhovni. * (problem introduced in Postfix 2.11, released in 2013): The check_ccert_access feature worked as expected, but produced a spurious warning when Postfix was built without SASL support. Fix by Brad Barden. * Fix for a compiler warning due to a missing \'const\' qualifier when compiling Postfix with OpenSSL 3. Depending on compiler settings this could cause the build to fail. * The known_tcp_ports settings had no effect. It also wasn\'t fully implemented. Problem report by Peter. * Fix for missing space between a hostname and warning text. * Fri Oct 22 2021 Dirk Stoecker - Ensure postfix can write to home directory or server side filtering wont work (sieve) * Fri Oct 22 2021 Johannes Segitz - Ensure service can write to /etc/postfix * Thu Oct 21 2021 Johannes Segitz - Added hardening to systemd service (bsc#1181400). Added harden_postfix.service.patch * Thu Oct 07 2021 Peter Varkoly - config.postfix not updatet after lmdb switch (bsc#1190945) Adapt config.postfix * Thu Aug 26 2021 Peter Varkoly - postfix master.cf: to include \"submissions\" service (bsc#1189684) Adapt master.cf patch * Tue Aug 24 2021 Peter Varkoly - postfix fails with glibc 2.34 Define HAS_CLOSEFROM (bsc#1189101) add patch - postfix-3.6.2-glibc-234-build-fix.patch * Thu Aug 05 2021 chrisAATTcomputersalat.de- fix config.postfix (follow up of bsc#1188477) * Mon Jul 26 2021 Peter Varkoly - Syntax error in config.postfix (bsc#1188477) * Sun Jul 25 2021 Michael Ströder - Update to 3.6.2 * In Postfix 3.6, fixed a false \"Result too large\" (ERANGE) fatal error in the compatibility_level parser, because there was no \'errno = 0\' statement before an strtol() call. * (problem introduced in Postfix 3.3) \"Null pointer read\" error in the cleanup daemon when \"header_from_format = standard\" (the default as of Postfix 3.3), and email was submitted with /usr/sbin/sendmail without From: header, and an all-space full name was specified in 1) the password file, 2) with \"sendmail - F\", or 3) with the NAME environment variable. Found by Renaud Metrich. * (problem introduced in Postfix 2.4) False \"too many reverse jump\" warnings in the showq daemon, because loop detection code was comparing memory addresses instead of queue file names. Reported by Mehmet Avcioglu. * (problem introduced in 1999) The Postfix SMTP server was sending all session transcripts to the error_notice_recipient (default: postmaster), instead of sending transcripts of bounced mail to the bounce_notice_recipient (default: postmaster). Reported by Hans van Zijst. * The texthash: map implementation broke tls_server_sni_maps, because it did not support multi-file inputs. Reported by Christopher Gurnee, who also found an instance of the missing code in the \"postmap -F\" source code. File: util/dict_thash.c. * Wed Jul 14 2021 Peter Varkoly - spamd wants to start before mail-transfer-agent.target, but that target doesn\'t exist (bsc#1066854) * Tue Jul 06 2021 Christian Wittmer - postfix-SUSE * rework sysconfig.postfix, add - POSTFIX_WITH_DKIM - POSTFIX_DKIM_CONN * rework config.postfix for main.cf - with_dkim- update postfix-main.cf.patch * add OpenDKIM settings * Wed Jun 23 2021 Christian Wittmer - postfix-mysql * add mysql_relay_recipient_maps.cf- postfix-SUSE * rework sysconfig.postfix, add - POSTFIX_RELAY_RECIPIENTS - POSTFIX_BACKUPMX * add relay_recipients * rework config.postfix for main.cf - is_backupmx - relay_recipient_maps * Fri Jun 18 2021 Callum Farmer - Add now working CONFIG parameter to sysusers generator- Remove unnecessary group line from postfix-vmail-user.conf * Mon Jun 14 2021 Michael Ströder - Update to 3.6.1 * Bugfix (introduced: Postfix 2.11): the command \"postmap lmdb:/file/name\" (create LMDB database from textfile) handled duplicate input keys ungracefully, discarding entries stored up to and including the duplicate key, and causing a double free() call with lmdb versions 0.9.17 and later. Reported by Adi Prasaja; double free() root cause analysis by Howard Chu. * Typo (introduced: Postfix 3.4): silent_discard should be silent-discard in BDAT_README. * Sun Jun 06 2021 Christian Wittmer - fix postfix-master.cf.patch * set correct indentation (again) for options of - submission (needs 3 spaces) - smtps (needs 4 spaces) to make config.postfix work nicely again * Wed Jun 02 2021 Marcus Rueckert - Update to 3.6.0 - Major changes - internal protocol identification Internal protocols have changed. You need to \"postfix stop\" before updating, or before backing out to an earlier release, otherwise long-running daemons (pickup, qmgr, verify, tlsproxy, postscreen) may fail to communicate with the rest of Postfix, causing mail delivery delays until Postfix is restarted. For more see /usr/share/doc/packages/postfix/RELEASE_NOTES- refreshed patches to apply cleanly again: fix-postfix-script.patch ipv6_disabled.patch pointer_to_literals.patch postfix-linux45.patch postfix-main.cf.patch postfix-master.cf.patch postfix-no-md5.patch postfix-ssl-release-buffers.patch postfix-vda-v14-3.0.3.patch set-default-db-type.patch * Tue Jun 01 2021 Peter Varkoly - (bsc#1186669) - postfix.service has \"Requires=var-run.mount\" Remove bad requirements * Mon Apr 12 2021 Michael Ströder - Update to 3.5.10 with security fixes: * Missing null pointer checks (introduced in Postfix 3.4) after an internal I/O error during the smtp(8) to tlsproxy(8) handshake. Found by Coverity, reported by Jaroslav Skarvada. Based on a fix by Viktor Dukhovni. * Null pointer bug (introduced in Postfix 3.0) and memory leak (introduced in Postfix 3.4) after an inline: table syntax error in main.cf or master.cf. Found by Coverity, reported by Jaroslav Skarvada. Based on a fix by Viktor Dukhovni. * Incomplete null pointer check (introduced: Postfix 2.10) after truncated HaProxy version 1 handshake message. Found by Coverity, reported by Jaroslav Skarvada. Fix by Viktor Dukhovni. * Missing null pointer check (introduced: Postfix alpha) after null argv[0] value. * Wed Mar 10 2021 Peter Varkoly - (bsc#1183305) - config.postfix uses db as suffix for postmaps Depending on DEF_DB_TYPE uses lmdb or db * Fri Mar 05 2021 Peter Varkoly - (bsc#1182833) - /usr/share/fillup-templates/sysconfig.postfix still refers to /etc/services Use getent to detect if smtps is already defined. * Fri Feb 05 2021 Peter Varkoly - (bsc#1180473) [Build 20201230] postfix has invalid default config (bsc#1181381) [Build 130.3] openQA test fails in mta, mutt - postfix broken: \"queue file write error\" and \"error: unsupported dictionary type: hash\" Export DEF_DB_TYPE before starting the perl script. * Wed Jan 27 2021 Peter Varkoly - bsc#1180473 - [Build 20201230] postfix has invalid default config Fixing config.postfix and sysconfig.postfix * Mon Jan 25 2021 Paolo Stivanin - Update to 3.5.9 * improves the reporting of DNSSEC problems that may affect DANE security * Thu Jan 07 2021 Arjen de Korte - Only do the conversion from the hash/btree databases to lmdb when the default database type changes from hash to lmdb and do not stop and start the service (the old compiled databases can live together with the new ones) - convert-bdb-to-lmdb.sh- Clean up the specfile * Remove < 1330 conditional builds * Use generated postfix-files instead of the obsolete one from postfix-SUSE.tar.gz * Use dynamicmaps.cf.d instead of modifying dynamicmaps.cf upon (de)installation of optional mysql, pgsql and ldap subpackages * Use default location for post-install, postfix-tls-script, postfix-wrapper and postmulti-script * Mon Jan 04 2021 Peter Varkoly - Set lmdb to be the default db.- Convert btree tables to lmdb too. Stop postfix before converting from bdb to lmdb- This package is without bdb support. That\'s why convert must be done without any suse release condition. o remove patch postfix-no-btree.patch o add set-default-db-type.patch
|
|
|