- Do not strip binaries at all
- also drop " -s " from the CCARGS to prevent stripping there
- Re-add dropped change:
- fix postfix-SUSE.tar.gz, postfix.service: correct path for postalias
from /sbin/postalias to /usr/sbin/postalias
- Don't fail strip on non-existing files (easy hack to fix 32bit
builds).
- Do not strip binaries at all
- also drop " -s " from the CCARGS to prevent stripping there
- Re-add dropped change:
- fix postfix-SUSE.tar.gz, postfix.service: correct path for postalias
from /sbin/postalias to /usr/sbin/postalias
OBS-URL: https://build.opensuse.org/request/show/1328660
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/postfix?expand=0&rev=261
- Re-add dropped change:
- fix postfix-SUSE.tar.gz, postfix.service: correct path for postalias
from /sbin/postalias to /usr/sbin/postalias
- Don't fail strip on non-existing files (easy hack to fix 32bit
builds).
- Do not strip binaries at all
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=553
- (jsc#PED-14859) Fix packages for Immutable Mode - postfix
- Put /etc/permissions.d/postfix.paranoid into the postfix-SUSE.tar.gz
- fix postfix-SUSE.tar.gz, postfix.service: correct path for postalias
from /sbin/postalias to /usr/sbin/postalias
- update to 3.10.7
* This patch addresses build errors on recent Linux distributions.
With the patch, Postfix builds will run the compiler with a
backwards compatibility option that is supported by Gcc and Clang.
For other compilers, an error message provides hints.
- Add /var/spool/mail to the permissions.d drop-in. This directory used to be
whitelisted globally in the permissions package but an update for the exim
mail server changed that (bsc#1254597 bsc#1240755).
- Reintroduce permissions.d/postfix-paranoid drop-in that was removed in r534.
- postfix is unable to send mail by default (bsc#1253775)
o Clean up the package
* Get rid of config.postfix script to avoid unintentional changes
of the configuration. The sysconfig files mail and postfix
were removed also.
* Deliver the original main.cf and master.cf
* Remove a lot of deprecated stuff from the package.
* Remove the ExecStartPre scripts to maintain the postmaps
and the chroot environment.
* A new ExecStartPre script manages the default alias map which
is part of the default configuration of postfix.
/sbin/postalias /etc/aliases
OBS-URL: https://build.opensuse.org/request/show/1327227
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/postfix?expand=0&rev=259
* This patch addresses build errors on recent Linux distributions.
With the patch, Postfix builds will run the compiler with a
backwards compatibility option that is supported by Gcc and Clang.
For other compilers, an error message provides hints.
- update to 3.10.7
* This patch addresses build errors on recent Linux distributions.
With the patch, Postfix builds will run the compiler with a
backwards compatibility option that is supported by Gcc and Clang.
For other compilers, an error message provides hints.
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=538
whitelisted globally in the permissions package but an update for the exim
mail server changed that (bsc#1254597 bsc#1240755).
- Reintroduce permissions.d/postfix-paranoid drop-in that was removed in r534.
- Add /var/spool/mail to the permissions.d drop-in. This directory used to be
whitelisted globally in the permissions package but an update for the exim
mail server changed that (bsc#1254597 bsc#1240755).
- Reintroduce permissions.d/postfix-paranoid drop-in that was removed in r534.
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=537
o Clean up the package
* Get rid of config.postfix script to avoid unintentional changes
of the configuration. The sysconfig files mail and postfix
were removed also.
* Deliver the original main.cf and master.cf
* Remove a lot of deprecated stuff from the package.
* Remove the ExecStartPre scripts to maintain the postmaps
and the chroot environment.
* A new ExecStartPre script manages the default alias map which
is part of the default configuration of postfix.
/sbin/postalias /etc/aliases
* Do not use the permissions framework. A new ExecStartPre script
takes care of the right permissions: /usr/sbin/postfix set-permissions
* Remove mkpostfixcert
- postfix is unable to send mail by default (bsc#1253775)
o Clean up the package
* Get rid of config.postfix script to avoid unintentional changes
of the configuration. The sysconfig files mail and postfix
were removed also.
* Deliver the original main.cf and master.cf
* Remove a lot of deprecated stuff from the package.
* Remove the ExecStartPre scripts to maintain the postmaps
and the chroot environment.
* A new ExecStartPre script manages the default alias map which
is part of the default configuration of postfix.
/sbin/postalias /etc/aliases
* Do not use the permissions framework. A new ExecStartPre script
takes care of the right permissions: /usr/sbin/postfix set-permissions
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=534
* Bugfix (defect introduced: Postfix 3.10, date: 20250117).
Symptom: warning messages that smtp_tls_wrappermode requires
"smtp_tls_security_level = encrypt".
Root cause: support for "TLS-Required: no" broke client-side
TLS wrappermode support, by downgrading a connection to TLS
security level 'may'.
The fix changes the downgrade level for wrappermode connections
to 'encrypt'. Rationale: by design, TLS can be optional only
for connections that use STARTTLS. The downgrade to unauthenticated
'encrypt' allows a sender to avoid an email delivery problem.
Problem reported by Joshua Tyler Cochran.
* New logging: the Postfix SMTP client will log a warning when
an MX hostname does not match STS policy MX patterns, with
"smtp_tls_enforce_sts_mx_patterns = yes" in Postfix, and with
TLSRPT support enabled in a TLS policy plugin. It will log a
successful match only when verbose logging is enabled.
* Bugfix (defect introduced: Postfix 3.10, date: 20240902): SMTP
client null pointer crash when an STS policy plugin sends no
policy_string or no mx_pattern attributes. This can happen only
during tests with a fake STS plugin.
* Bugfix (defect introduced: Postfix 2.9, date: 20120307): segfault
when a duplicate parameter name is given to "postconf -X" or
"postconf -#'.
* Documentation: removed incorrect text from the parameter
description for smtp_cname_overrides_servername. File:
proto/postconf.proto.
- update to 3.10.6
* Bugfix (defect introduced: Postfix 3.10, date: 20250117).
Symptom: warning messages that smtp_tls_wrappermode requires
"smtp_tls_security_level = encrypt".
Root cause: support for "TLS-Required: no" broke client-side
TLS wrappermode support, by downgrading a connection to TLS
security level 'may'.
The fix changes the downgrade level for wrappermode connections
to 'encrypt'. Rationale: by design, TLS can be optional only
for connections that use STARTTLS. The downgrade to unauthenticated
'encrypt' allows a sender to avoid an email delivery problem.
Problem reported by Joshua Tyler Cochran.
* New logging: the Postfix SMTP client will log a warning when
an MX hostname does not match STS policy MX patterns, with
"smtp_tls_enforce_sts_mx_patterns = yes" in Postfix, and with
TLSRPT support enabled in a TLS policy plugin. It will log a
successful match only when verbose logging is enabled.
* Bugfix (defect introduced: Postfix 3.10, date: 20240902): SMTP
client null pointer crash when an STS policy plugin sends no
policy_string or no mx_pattern attributes. This can happen only
during tests with a fake STS plugin.
* Bugfix (defect introduced: Postfix 2.9, date: 20120307): segfault
when a duplicate parameter name is given to "postconf -X" or
"postconf -#'.
* Documentation: removed incorrect text from the parameter
description for smtp_cname_overrides_servername. File:
proto/postconf.proto.
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=532
* Workaround for an interface mis-match between the Postfix SMTP
client and MTA-STS policy plugins.
* The existing behavior is to connect to any MX host listed
in DNS, and to match the server certificate against any STS
policy MX host pattern.
* The corrected behavior is to connect to an MX host only if
its name matches any STS policy MX host pattern, and to
match the server certificate against the MX hostname.
The corrected behavior must be enabled in two places: in Postfix
with a new parameter "smtp_tls_enforce_sts_mx_patterns" (default:
"yes") and in an MTA-STS plugin by enabling TLSRPT support, so
that the plugin forwards STS policy attributes to Postfix. This
works even if Postfix TLSRPT support is disabled at build time
or at runtime.
* TLSRPT Workaround: when a TLSRPT policy-type value is
"no-policy-found", pretend that the TLSRPT policy domain value
is equal to the recipient domain. This ignores that different
policy types (TLSA, STS) use different policy domains. But this
is what Microsoft does, and therefore, what other tools expect.
* Bugfix (defect introduced: Postfix 3.0): the Postfix SMTP
client's connection reuse logic did not distinguish between
sessions that require SMTPUTF8 support, and sessions that do
not. The solution is 1) to store sessions with different SMTPUTF8
requirements under distinct connection cache storage keys, and
2) to not cache a connection when SMTPUTF8 is required but the
server does not support that feature.
* Bugfix (defect introduced: Postfix 3.0, date 20140731): the
smtpd 'disconnect' command statistics did not count commands
with "bad syntax" and "bad UTF-8 syntax" errors.
* Bugfix: the August 2025 patch broke DBM library support which
is still needed on Solaris; and the same change could result
in warnings with "database X is older than source file Y".
* Postfix 3.11 forward compatibility: to avoid ugly warnings when
Postfix 3.11 is rolled back to an older version, allow a
preliminary 'size' record in maildrop queue files created with
Postfix 3.11 or later.
* Bugfix (defect introduced: Postfix 3.8, date 20220128):
non-reproducible build, because the 'postconf -e' output order
for new main.cf entries was no longer deterministic. Problem
reported by Oleksandr Natalenko, diagnosis by Eray Aslan.
* To make builds predictable, add missing meta_directory and
shlib_directory settings to the stock main.cf file. Problem
diagnosed by Eray Aslan.
* Bugfix (defect introduced: Postfix 3.9, date 20230517):
posttls-finger(1) logged an incorrectly-formatted port number.
Viktor Dukhovni.
- rebase postfix-bdb-main.cf.patch
- adapt rpmlint
o dir-or-file-outside-snapshot
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=530
- update to 3.10.4
* Fixes for postscreen(8):
- Bugfix (defect introduced: Postfix 2.2, date 20050203): after
detecting a lookup table change, and after starting a new
postscreen process, the old postscreen process logged an ENOTSOCK
error while attempting to accept a connection on a socket that
it was no longer listening on. This error was introduced first
in the multi_server skeleton code, and was five years later
duplicated in the event_server skeleton that was created for
postscreen.
- Bugfix (defect introduced: Postfix 2.8, date 20101230):
after detecting a cache table change and before starting a new
postscreen process, the old postscreen process did not close the
postscreen_cache_map, and therefore kept an exclusive lock that
could prevent a new postscreen process from starting.
* Fixes for tlsproxy(8):
- Bugfix (defect introduced: Postfix 3.7): incorrect backwards
compatible support for the legacy configuration parameters
tlsproxy_client_level and tlsproxy_client_policy. This
disabled the tlsproxy TLS client role when a legacy parameter
was set (instead of the newer tlsproxy_client_security_level
or tlsproxy_client_policy_maps).
- Bugfix (defect introduced: Postfix 3.4): with the TLS client role
disabled by configuration, the tlsproxy daemon dereferenced a
null pointer while handling a tlsproxy client request.
* Reducing process churn: Postfix daemons no longer automatically
restart after a btree:, dbm:, hash:, lmdb:, or sdbm: table file
modification time change, when they opened that table for writing.
* Portability: deleted an <openssl/engine.h> build dependency,
because the feature is being removed from OpenSSL, and Postfix
no longer needs it.
* Cleanup: with "tls_required_enable = yes", the Postfix SMTP client
will no longer maintain TLSRPT statistics for messages that contain
a "TLS-Required: no" header. This can prevent TLSRPT notifications
for TLSRPT notifications.
* Bugfix (defect introduced: Postfix 3.6, date 20200710): Postfix TLS
client code logged "Untrusted TLS connection" (wrong) instead of
"Trusted TLS connection" (right), for a new or resumed TLS session,
when a server offered a trusted (valid PKI trust chain) certificate
that did not match the expected server name pattern.
OBS-URL: https://build.opensuse.org/request/show/1300344
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=528
* Bugfix (defect introduced: Postfix-3.10, date 20250117): include
the current TLS security level in the SMTP connection cache
lookup key for lookups by next-hop destination, to avoid reusing
the same SMTP connection when sending messages with and without
a "TLS-Required: no" header. Likewise, include the current TLS
security level in the TLS session lookup key, to avoid reusing
the same TLS session info when sending messages with and without
a "TLS-Required: no" header.
* Bugfix (defect introduced: Postfix-3.10, date 20250117): the
Postfix SMTP client attempted to look up TLSA records even with
"TLS-Required: no". This could result in unnecessary failures.
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=526
2025-08-07 18:51:15 +00:00
6 changed files with 74 additions and 17 deletions
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
