Commit Graph

31 Commits

Author SHA256 Message Date
3beb1cfdfa - update to 3.8.4 (bsc#1218304, CVE-2023-51764):
- Syntax error in update_postmaps script (bsc#1216061)
  (bsc#1215372)
  (bsc#1192314)
  Adapt proposed change: using "cp -afL" by copying.
  Define HAS_CLOSEFROM
  (bsc#1189101)
  (bsc#1188477)
  (bsc#1066854)
  For more see /usr/share/doc/packages/postfix/RELEASE_NOTES
  (bsc#1181381) [Build 130.3] openQA test fails in mta, mutt -
  postfix broken: "queue file write error" and "error: unsupported
- bsc#1176650 L3: What is regularly triggering the "fillup"
  o add patch for main.cf for postfix-bdb package
- Delete postfix-SUSE/README.SuSE, company name spelled wrong,
- bsc#1162891 server:mail/postfix: cond_slp bug on TW after
- bsc#1160413 postfix fails with -fno-common
- bsc#1142881 - mkpostfixcert from Postfix still uses md
  o Major changes
      Postfix 3.4.4 fixes both.
  o Removing setting smtpd_sasl_path and smtpd_sasl_type to empty
- Replace references to /var/adm/fillup-templates with new
- bnc#1059512 L3: Postfix Problem
    seems to be obsolete)
  * recover lost (with 3.2.0 update) submission, smtps sections
- update to 3.1.4
- bnc#981097 config.postfix creates broken main.cf for tls client configuration
  (no "mailq" equivalent).
      smtp_transport_rate_delay = 20s
  missed opportunities to block new spambots.

OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=462
2023-12-28 07:51:56 +00:00
Dirk Stoecker
f5d59b2e1a Accepting request 1134660 from home:adkorte:branches:server:mail
- update to 3.8.4
  * Security: this release adds support to defend
    against an email spoofing attack (SMTP smuggling) on
    recipients at a Postfix server. For background, see
    https://www.postfix.org/smtp-smuggling.html.

OBS-URL: https://build.opensuse.org/request/show/1134660
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=460
2023-12-23 12:46:31 +00:00
Christian Wittmer
8589a4f33c Accepting request 1123266 from home:adkorte:branches:server:mail
- update to 3.8.3
  * Bugfix (defect introduced Postfix 2.5, date 20080104): the
    Postfix SMTP server was waiting for a client command instead
    of replying immediately, after a client certificate verification
    error in TLS wrappermode. Reported by Andreas Kinzler.
  * Usability: the Postfix SMTP server (finally) attempts to log
    the SASL username after authentication failure. In Postfix
    logging, this appends ", sasl_username=xxx" after the reason
    for SASL authentication failure. The logging replaces an
    unavailable reason with "(reason unavailable)", and replaces
    an unavailable sasl_username with "(unavailable)". Based on
    code by Jozsef Kadlecsik.
  * Compatibility bugfix (defect introduced: Postfix 2.11, date
    20130405): in forward_path, the expression ${recipient_delimiter}
    would expand to an empty string when a recipient address had
    no recipient delimiter. The compatibility fix is to use a
    configured recipient delimiter value instead. Reported by Tod
    A. Sandman.

OBS-URL: https://build.opensuse.org/request/show/1123266
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=459
2023-11-10 20:26:00 +00:00
Christian Wittmer
86dd8b74e2 Accepting request 1091141 from home:adkorte:branches:server:mail
- update to 3.8.1
  * Optional: harden a Postfix SMTP server against remote SMTP
    clients that violate RFC 2920 (or 5321) command pipelining
    constraints. With "smtpd_forbid_unauth_pipelining = yes", the
    server disconnects a client immediately, after responding with
    "554 5.5.0 Error: SMTP protocol synchronization" and after
    logging "improper command pipelining" with the unexpected remote
    SMTP client input. This feature is disabled by default in Postfix
    3.5-3.8 to avoid breaking home-grown utilities, but it is enabled
    by default in Postfix 3.9. A similar feature is enabled by
    default in the Exim SMTP server.
  * Optional: some OS distributions crank up TLS security to 11,
    and in doing so increase the number of plaintext email deliveries.
    This introduces basic OpenSSL configuration file support that
    may be used to override OS-level settings.
    Details are in the postconf(5) manpage under tls_config_file
    and tls_config_name.
  * Bugfix (defect introduced: Postfix 1.0): the command "postconf
    .. name=v1 .. name=v2 .." (multiple instances of the same
    parameter name) created multiple main.cf name=value entries
    with the same parameter name. It now logs a warning and skips
    the earlier name(s) and value(s). Found during code maintenance.
  * Bugfix (defect introduced: Postfix 3.3): the command "postconf
    -M name1/type1='name2 type2 ...'" died with a segmentation
    violation when the request matched multiple master.cf entries.
    The master.cf file was not damaged. Problem reported by SATOH
    Fumiyasu.
  * Bugfix (defect introduced: Postfix 2.11): the command "postconf
    -M name1/type1='name2 type2 ...'" could add a service definition
    to master.cf that conflicted with an already existing service
    definition. It now replaces all existing service definitions
    that match the service pattern 'name1/type1' or the service
    name and type in 'name2 type2 ...' with a single service
    definition 'name2 type2 ...'. Problem reported by SATOH Fumiyasu.
  * Bugfix (defect introduced: Postfix 3.8) the posttls-finger
    command could access uninitialized memory when reconnecting.
    This also fixes a malformed warning message when a destination
    contains ":service" information. Reported by Thomas Korbar.
  * Bugfix (defect introduced: Postfix 3.2): the MySQL client could
    return "not found" instead of "error" (for example, resulting
    in a 5XX SMTP status instead of 4XX) during the time that all
    MySQL server connections were turned down after error. Found
    during code maintenance. File: global/dict_mysql.c. This was
    already fixed in Postfix 3.4-3.7.

OBS-URL: https://build.opensuse.org/request/show/1091141
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=456
2023-06-07 18:25:08 +00:00
e9b4a7071e Accepting request 1080180 from home:adkorte:branches:server:mail
- update to 3.8.0
  * Support to look up DNS SRV records in the Postfix SMTP/LMTP
    client, based on code by Tomas Korbar (Red Hat). For example,
    with "use_srv_lookup = submission" and "relayhost =
    example.com:submission", the Postfix SMTP client will look up
    DNS SRV records for _submission._tcp.example.com, and will relay
    email through the hosts and ports that are specified with those
    records.
  * TLS obsolescence: Postfix now treats the "export" and "low"
    cipher grade settings as "medium". The "export" and "low" grades
    are no longer supported in OpenSSL 1.1.1, the minimum version
    required in Postfix 3.6.0 and later. Also, Postfix default
    settings now exclude deprecated or unused ciphers (SEED, IDEA,
    3DES, RC2, RC4, RC5), digest (MD5), key exchange algorithms
    (DH, ECDH), and public key algorithm (DSS).
  * Attack resistance: the Postfix SMTP server can now aggregate
    smtpd_client_*_rate and smtpd_client_*_count statistics by
    network block instead of by IP address, to raise the bar against
    a memory exhaustion attack in the anvil(8) server; Postfix TLS
    support unconditionally disables TLS renegotiation in the middle
    of an SMTP connection, to avoid a CPU exhaustion attack.
  * The PostgreSQL client encoding is now configurable with the
    "encoding" Postfix configuration file attribute. The default
    is "UTF8". Previously the encoding was hard-coded as "LATIN1",
    which is not useful in the context of SMTP.
  * The postconf command now warns for #comment in or after a Postfix
    parameter value. Postfix programs do not support #comment after
    other text, and treat that as input.
- rebase/refresh patches
  * pointer_to_literals.patch
  * postfix-linux45.patch
  * postfix-master.cf.patch
  * postfix-ssl-release-buffers.patch
  * set-default-db-type.patch

OBS-URL: https://build.opensuse.org/request/show/1080180
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=454
2023-04-27 21:59:58 +00:00
8d5a3b42e3 Accepting request 1067720 from home:ohollmann:branches:server:mail
- update to 3.7.4
  * Workaround: with OpenSSL 3 and later always turn on
    SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages and missed
    opportunities for TLS session reuse. This is safe because the SMTP protocol
    implements application-level framing, and is therefore not affected by TLS
    truncation attacks.
  * Workaround: OpenSSL 3.x EVP_get_digestbyname() can return lazily-bound
    handles for digest implementations. In sufficiently hostile configurations,
    Postfix could mistakenly believe that a digest algorithm is available, and
    fail when it is not. A similar workaround may be needed for
    EVP_get_cipherbyname().
  * Bugfix (bug introduced in Postfix 2.11): the checkok() macro in
    tls/tls_fprint.c evaluated its argument unconditionally; it should evaluate
    the argument only if there was no prior error.
  * Bugfix (bug introduced in Postfix 2.8): postscreen died with a segmentation
    violation when postscreen_dnsbl_threshold < 1. It should reject such input
    with a fatal error instead.
  * Bitrot: fixes for linker warnings from newer Darwin (MacOS) versions.
  * Portability: Linux 6 support.
  * Added missing documentation that cidr:, pcre: and regexp: tables support
    inline specification only in Postfix 3.7 and later.
  * Rebased postfix-linux45.patch

OBS-URL: https://build.opensuse.org/request/show/1067720
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=453
2023-03-06 14:29:24 +00:00
Dirk Stoecker
d13927abf8 Accepting request 1064225 from home:varkoly:branches:server:mail
- SELinux: postfix denied to access /var/spool/postfix/pid/master.pid
  (bsc#1207177) Apply proposed changes in postfix.service
- remove patch included into the source:
    harden_postfix.service.patch

OBS-URL: https://build.opensuse.org/request/show/1064225
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=452
2023-02-15 17:14:21 +00:00
Dirk Stoecker
8ac365ae02 Accepting request 1060935 from home:kukuk:branches:server:mail
- Disable NIS support on Factory (deprecated and will be removed)

OBS-URL: https://build.opensuse.org/request/show/1060935
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=451
2023-02-02 20:10:19 +00:00
f816fef488 Accepting request 1009091 from home:stroeder:network
update to 3.7.3

OBS-URL: https://build.opensuse.org/request/show/1009091
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=448
2022-10-11 12:45:42 +00:00
36307d9eda Accepting request 1001406 from home:lnussel:branches:server:mail
- own /var/spool/mail (boo#1179574)

OBS-URL: https://build.opensuse.org/request/show/1001406
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=447
2022-09-12 07:27:24 +00:00
Christian Wittmer
95b653935f Accepting request 989467 from home:computersalat:devel:mail
Update to 3.7.2, libpcre2

OBS-URL: https://build.opensuse.org/request/show/989467
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=444
2022-08-04 10:20:32 +00:00
a24981fe02 Accepting request 975425 from home:computersalat:devel:mail
fix config.postfix 'hash' leftover with relay_recipients

OBS-URL: https://build.opensuse.org/request/show/975425
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=442
2022-05-10 08:10:05 +00:00
Peter Varkoly
12c92483e5 Accepting request 972625 from home:darix:branches:server:mail
- add missing requires for config.postfix and the postfix
  postinstall script:  perl and ed

OBS-URL: https://build.opensuse.org/request/show/972625
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=440
2022-04-26 09:14:00 +00:00
d900e5c0e6 Accepting request 970635 from home:stroeder:network
update to 3.6.6

OBS-URL: https://build.opensuse.org/request/show/970635
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=439
2022-04-19 06:47:52 +00:00
ac9252563c
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=436
2022-03-21 18:40:38 +00:00
6e3bebe1e4 Accepting request 962959 from home:stroeder:network
update to 3.6.5

OBS-URL: https://build.opensuse.org/request/show/962959
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=435
2022-03-21 07:46:38 +00:00
Peter Varkoly
81f10f3589 Accepting request 947313 from home:stroeder:network
Update to 3.6.4

Seems to work on Tumbleweed x86_64

OBS-URL: https://build.opensuse.org/request/show/947313
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=432
2022-01-19 09:45:48 +00:00
Michael Ströder
b4e9907563 Accepting request 930186 from home:stroeder:network
Update to 3.6.3

OBS-URL: https://build.opensuse.org/request/show/930186
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=431
2021-11-08 14:00:32 +00:00
Michael Ströder
57bbfe9be1 Accepting request 926873 from home:jsegitz:branches:systemdhardening:server:mail
- Added hardening to systemd service (bsc#1181400). Added
  harden_postfix.service.patch

OBS-URL: https://build.opensuse.org/request/show/926873
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=427
2021-10-22 07:56:31 +00:00
Peter Varkoly
baaf477909 Fix spec
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=424
2021-08-26 05:26:30 +00:00
Peter Varkoly
bd56ad4b92 Accepting request 914039 from home:varkoly:branches:server:mail
- postfix fails with glibc 2.34
  Define HAS_CLOSEFROM 
  (bsc#1189101) 
  add patch
  - postfix-3.6.2-glibc-234-build-fix.patch

OBS-URL: https://build.opensuse.org/request/show/914039
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=423
2021-08-24 14:34:40 +00:00
Christian Wittmer
fb5f24453a Accepting request 910372 from home:computersalat:devel:mail
fix config.postfix (follow up of bsc#1188477)

OBS-URL: https://build.opensuse.org/request/show/910372
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=422
2021-08-08 21:24:10 +00:00
Michael Ströder
0cc48f6215 Accepting request 908169 from home:stroeder:network
Update to 3.6.2

successfully tested on Tumbleweed x86_64

OBS-URL: https://build.opensuse.org/request/show/908169
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=420
2021-07-25 23:46:58 +00:00
Christian Wittmer
9813b05f8c Accepting request 902429 from home:gmbr3:Active
- Add now working CONFIG parameter to sysusers generator
- Remove unnecessary group line from postfix-vmail-user.conf

OBS-URL: https://build.opensuse.org/request/show/902429
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=417
2021-07-06 22:01:06 +00:00
Michael Ströder
5d3c2f4ee1 Accepting request 899963 from home:stroeder:network
Update to 3.6.1

OBS-URL: https://build.opensuse.org/request/show/899963
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=414
2021-06-14 16:13:34 +00:00
Michael Ströder
505c9a6190 Accepting request 896790 from home:darix:playground
This is work in progress:

Do not accept yet

How do we plan to handle the section from the RELEASE_NOTES about the internal process updates?

https://de.postfix.org/ftpmirror/official/postfix-3.6.0.RELEASE_NOTES

do we just hope that the restart will be fast enough?

OBS-URL: https://build.opensuse.org/request/show/896790
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=413
2021-06-02 10:12:35 +00:00
Michael Ströder
34f68e2d16 Accepting request 884703 from home:stroeder:network
Update to 3.5.10 with security fixes

OBS-URL: https://build.opensuse.org/request/show/884703
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=409
2021-04-12 18:08:05 +00:00
Peter Varkoly
2cc20d71c0 - (bsc#1180473) [Build 20201230] postfix has invalid default config
(bsc#1181381) [Build 130.3] openQA test fails in mta, mutt - 
  postfix broken: "queue file write error" and "error: unsupported 
  dictionary type: hash"
  Export DEF_DB_TYPE before starting the perl script.
- Update to 3.5.9
- Only do the conversion from the hash/btree databases to lmdb when
  the default database type changes from hash to lmdb and do not
  stop and start the service (the old compiled databases can live
  together with the new ones)
  - convert-bdb-to-lmdb.sh
- Clean up the specfile
  * Remove < 1330 conditional builds
  * Use generated postfix-files instead of the obsolete one from
    postfix-SUSE.tar.gz
  * Use dynamicmaps.cf.d instead of modifying dynamicmaps.cf upon
    (de)installation of optional mysql, pgsql and ldap subpackages
  * Use default location for post-install, postfix-tls-script,
    postfix-wrapper and postmulti-script

- Set lmdb to be the default db.
- Convert btree tables to lmdb too. Stop postfix before converting from
  bdb to lmdb
- This package is without bdb support. That's why convert must be done
  without any suse release condition.
  o remove patch postfix-no-btree.patch
  o add set-default-db-type.patch

- Set database type for address_verify_map and postscreen_cache_map
  to lmdb (btree requires Berkeley DB)

OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=406
2021-02-05 17:53:11 +00:00
Michael Ströder
fe9b479dfc Accepting request 866536 from home:polslinux:branches:server:mail
- Update to 3.5.9:
  * improves the reporting of DNSSEC problems that may affect
    DANE security

OBS-URL: https://build.opensuse.org/request/show/866536
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=404
2021-01-25 10:42:59 +00:00
Peter Varkoly
435c4c06fc - postfix-bdb-lmdb should provide postfix-lmdb
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=402
2021-01-20 15:19:40 +00:00
Peter Varkoly
9feb64fd6d - bsc#1176650 L3: What is regularly triggering the "fillup"
command and changing modify-time of /etc/sysconfig/postfix?
  o Remove misplaced fillup_only call from %verifyscript

- Remove Berkeley DB dependency (JIRA#SLE-12191)
  The package postfix is built without Berkeley DB support.
  lmdb will be used instead of BDB.
  The package postfix-bdb is built with Berkeley DB support.
  o add patch for main.cf for postfix-bdb package 
    postfix-bdb-main.cf.patch

- Update to 3.5.8
  * The Postfix SMTP client inserted <CR><LF> into message headers longer
    than $line_length_limit (default: 2048), causing all subsequent header
    content to become message body content.
  * The postscreen daemon did not save a copy of the
    postscreen_dnsbl_reply_map lookup result. This has no effect when the
    recommended texthash: look table is used, but it could result in stale
    data with other lookup tables.

OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=393
2020-12-24 07:17:02 +00:00