Accepting request 686001 from home:varkoly:branches:server:mail

- Update to 3.4.4
  o Incompatible changes
    - The Postfix SMTP server announces CHUNKING (BDAT
      command) by default. In the unlikely case that this breaks some
      important remote SMTP client, disable the feature as follows:
      
      /etc/postfix/main.cf:
          # The logging alternative:
          smtpd_discard_ehlo_keywords = chunking
          # The non-logging alternative:
          smtpd_discard_ehlo_keywords = chunking, silent_discard
    - This introduces a new master.cf service 'postlog'
      with type 'unix-dgram' that is used by the new postlogd(8) daemon.
      Before backing out to an older Postfix version, edit the master.cf
      file and remove the postlog entry.
    - Postfix 3.4 drops support for OpenSSL 1.0.1
    - To avoid performance loss under load, the
      tlsproxy(8) daemon now requires a zero process limit in master.cf
      (this setting is provided with the default master.cf file). By
      default, a tlsproxy(8) process will retire after several hours.
    - To set the tlsproxy process limit to zero:
      postconf -F tlsproxy/unix/process_limit=0
      postfix reload
  o Major changes 
    - Postfix SMTP server support for RFC 3030 CHUNKING
      (the BDAT command) without BINARYMIME, in both smtpd(8) and
      postscreen(8). This has no effect on Milters, smtpd_mumble_restrictions,
      and smtpd_proxy_filter. See BDAT_README for more.
    - Support for logging to file or stdout, instead of using syslog.
    - Logging to file solves a usability problem for MacOS, and

OBS-URL: https://build.opensuse.org/request/show/686001
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=328

postfix-3.3.3.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8740ab65037500ee7844192cf6b798d52ecc4838cd018337a504c52da813285a
-size 4429713

postfix-3.4.4.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:27f2ab631a966a40e002aedc6db9281e5970295fa5fd96b29066e457a4601e34
+size 4581121

postfix-linux45.patch

@@ -1,15 +1,13 @@
----
- makedefs |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- makedefs
-+++ makedefs
-@@ -546,7 +546,7 @@ EOF
+--- makedefs.orig	2019-03-11 13:54:48.176455533 +0100
++++ makedefs	2019-03-11 13:55:44.512455319 +0100
+@@ -557,8 +557,8 @@
  		: ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
  		: ${PLUGIN_LD="${CC-gcc} -shared"}
  		;;
--  Linux.[34].*)	SYSTYPE=LINUX$RELEASE_MAJOR
-+  Linux.[3-9].*|Linux.[1-9][0-9].*)	SYSTYPE=LINUX3
- 		case "$CCARGS" in
+- Linux.[345].*)	SYSTYPE=LINUX$RELEASE_MAJOR
+-		case "$CCARGS" in
++ Linux.[3-9].*|Linux.[1-9][0-9].*)    SYSTYPE=LINUX3
++   case "$CCARGS" in
  		 *-DNO_DB*) ;;
  		 *-DHAS_DB*) ;;
+ 		 *) if [ -f /usr/include/db.h ]

postfix-master.cf.patch

@@ -1,8 +1,6 @@
-Index: conf/master.cf
-===================================================================
---- conf/master.cf.orig
-+++ conf/master.cf
-@@ -10,33 +10,39 @@
+--- conf/master.cf.orig	2019-03-11 13:45:38.792457629 +0100
++++ conf/master.cf	2019-03-11 13:50:08.312456601 +0100
+@@ -10,6 +10,11 @@
  #               (yes)   (yes)   (no)    (never) (100)
  # ==========================================================================
  smtp      inet  n       -       n       -       -       smtpd
@@ -14,59 +12,18 @@ Index: conf/master.cf
  #smtp      inet  n       -       n       -       1       postscreen
  #smtpd     pass  -       -       n       -       -       smtpd
  #dnsblog   unix  -       -       n       -       0       dnsblog
- #tlsproxy  unix  -       -       n       -       0       tlsproxy
- #submission inet n       -       n       -       -       smtpd
--#  -o syslog_name=postfix/submission
--#  -o smtpd_tls_security_level=encrypt
--#  -o smtpd_sasl_auth_enable=yes
--#  -o smtpd_tls_auth_only=yes
--#  -o smtpd_reject_unlisted_recipient=no
--#  -o smtpd_client_restrictions=$mua_client_restrictions
--#  -o smtpd_helo_restrictions=$mua_helo_restrictions
--#  -o smtpd_sender_restrictions=$mua_sender_restrictions
--#  -o smtpd_recipient_restrictions=
--#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
--#  -o milter_macro_daemon_name=ORIGINATING
-+#   -o syslog_name=postfix/submission
-+#   -o smtpd_tls_security_level=encrypt
-+#   -o smtpd_sasl_auth_enable=yes
-+#   -o smtpd_tls_auth_only=yes
-+#   -o smtpd_reject_unlisted_recipient=no
-+#   -o smtpd_client_restrictions=$mua_client_restrictions
-+#   -o smtpd_helo_restrictions=$mua_helo_restrictions
-+#   -o smtpd_sender_restrictions=$mua_sender_restrictions
-+#   -o smtpd_recipient_restrictions=
-+#   -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-+#   -o milter_macro_daemon_name=ORIGINATING
+@@ -29,6 +34,7 @@
  #smtps     inet  n       -       n       -       -       smtpd
--#  -o syslog_name=postfix/smtps
--#  -o smtpd_tls_wrappermode=yes
--#  -o smtpd_sasl_auth_enable=yes
--#  -o smtpd_reject_unlisted_recipient=no
--#  -o smtpd_client_restrictions=$mua_client_restrictions
--#  -o smtpd_helo_restrictions=$mua_helo_restrictions
--#  -o smtpd_sender_restrictions=$mua_sender_restrictions
--#  -o smtpd_recipient_restrictions=
--#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
--#  -o milter_macro_daemon_name=ORIGINATING
-+#    -o syslog_name=postfix/smtps
-+#    -o smtpd_tls_wrappermode=yes
-+#    -o content_filter=smtp:[127.0.0.1]:10024
-+#    -o smtpd_sasl_auth_enable=yes
-+#    -o smtpd_reject_unlisted_recipient=no
-+#    -o smtpd_client_restrictions=$mua_client_restrictions
-+#    -o smtpd_helo_restrictions=$mua_helo_restrictions
-+#    -o smtpd_sender_restrictions=$mua_sender_restrictions
-+#    -o smtpd_recipient_restrictions=
-+#    -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-+#    -o milter_macro_daemon_name=ORIGINATING
- #628       inet  n       -       n       -       -       qmqpd
- pickup    unix  n       -       n       60      1       pickup
- cleanup   unix  n       -       n       -       0       cleanup
-@@ -64,6 +70,27 @@ virtual   unix  -       n       n
- lmtp      unix  -       -       n       -       -       lmtp
+ #  -o syslog_name=postfix/smtps
+ #  -o smtpd_tls_wrappermode=yes
++#  -o content_filter=smtp:[127.0.0.1]:10024
+ #  -o smtpd_sasl_auth_enable=yes
+ #  -o smtpd_reject_unlisted_recipient=no
+ #  -o smtpd_client_restrictions=$mua_client_restrictions
+@@ -65,6 +71,26 @@
  anvil     unix  -       -       n       -       1       anvil
  scache    unix  -       -       n       -       1       scache
+ postlog   unix-dgram n  -       n       -       1       postlogd
 +#localhost:10025 inet   n       -       n       -       -       smtpd
 +#  -o content_filter=
 +#  -o smtpd_delay_reject=no
@@ -87,11 +44,10 @@ Index: conf/master.cf
 +#  -o local_header_rewrite_clients=
 +#  -o local_recipient_maps=
 +#  -o relay_recipient_maps=
-+
  #
  # ====================================================================
  # Interfaces to non-Postfix software. Be sure to examine the manual
-@@ -97,7 +124,7 @@ scache    unix  -       -       n
+@@ -98,7 +124,7 @@
  # Also specify in main.cf: cyrus_destination_recipient_limit=1
  #
  #cyrus     unix  -       n       n       -       -       pipe
@@ -100,7 +56,7 @@ Index: conf/master.cf
  #
  # ====================================================================
  #
-@@ -130,3 +157,10 @@ scache    unix  -       -       n
+@@ -131,3 +157,10 @@
  #mailman   unix  -       n       n       -       -       pipe
  #  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  #  ${nexthop} ${user}

postfix-ssl-release-buffers.patch

@@ -1,34 +1,27 @@
-Index: src/tls/tls_client.c
-===================================================================
---- src/tls/tls_client.c.orig
-+++ src/tls/tls_client.c
-@@ -363,6 +363,12 @@ TLS_APPL_STATE *tls_client_init(const TL
+--- src/tls/tls_client.c.orig	2019-03-11 14:24:34.492448719 +0100
++++ src/tls/tls_client.c	2019-03-11 14:27:42.824448001 +0100
+@@ -397,6 +397,11 @@
      SSL_CTX_set_security_level(client_ctx, 0);
  #endif
  
-+    /* Keep memory usage as low as possible */
-+
 +#ifdef SSL_MODE_RELEASE_BUFFERS
++    /* Keep memory usage as low as possible */
 +    SSL_CTX_set_mode(client_ctx, SSL_MODE_RELEASE_BUFFERS);
 +#endif
 +
      /*
       * See the verify callback in tls_verify.c
       */
-Index: src/tls/tls_server.c
-===================================================================
---- src/tls/tls_server.c.orig
-+++ src/tls/tls_server.c
-@@ -454,6 +454,12 @@ TLS_APPL_STATE *tls_server_init(const TL
-     SSL_CTX_set_security_level(server_ctx, 0);
+--- src/tls/tls_server.c.orig	2019-03-11 14:26:04.700448375 +0100
++++ src/tls/tls_server.c	2019-03-11 14:27:49.184447977 +0100
+@@ -455,6 +455,10 @@
+     SSL_CTX_set_security_level(sni_ctx, 0);
  #endif
  
-+    /* Keep memory usage as low as possible */
-+
 +#ifdef SSL_MODE_RELEASE_BUFFERS
++    /* Keep memory usage as low as possible */
 +    SSL_CTX_set_mode(server_ctx, SSL_MODE_RELEASE_BUFFERS);
 +#endif
-+
      /*
       * See the verify callback in tls_verify.c
       */

postfix.changes

@@ -1,3 +1,75 @@
+-------------------------------------------------------------------
+Mon Mar 18 09:56:11 UTC 2019 - Peter Varkoly <varkoly@suse.com>
+
+- Update to 3.4.4
+
+  o Incompatible changes
+    - The Postfix SMTP server announces CHUNKING (BDAT
+      command) by default. In the unlikely case that this breaks some
+      important remote SMTP client, disable the feature as follows:
+      
+      /etc/postfix/main.cf:
+          # The logging alternative:
+          smtpd_discard_ehlo_keywords = chunking
+          # The non-logging alternative:
+          smtpd_discard_ehlo_keywords = chunking, silent_discard
+    - This introduces a new master.cf service 'postlog'
+      with type 'unix-dgram' that is used by the new postlogd(8) daemon.
+      Before backing out to an older Postfix version, edit the master.cf
+      file and remove the postlog entry.
+    - Postfix 3.4 drops support for OpenSSL 1.0.1
+    - To avoid performance loss under load, the
+      tlsproxy(8) daemon now requires a zero process limit in master.cf
+      (this setting is provided with the default master.cf file). By
+      default, a tlsproxy(8) process will retire after several hours.
+    - To set the tlsproxy process limit to zero:
+      postconf -F tlsproxy/unix/process_limit=0
+      postfix reload
+  o Major changes 
+    - Postfix SMTP server support for RFC 3030 CHUNKING
+      (the BDAT command) without BINARYMIME, in both smtpd(8) and
+      postscreen(8). This has no effect on Milters, smtpd_mumble_restrictions,
+      and smtpd_proxy_filter. See BDAT_README for more.
+    - Support for logging to file or stdout, instead of using syslog.
+    - Logging to file solves a usability problem for MacOS, and
+      eliminates multiple problems with systemd-based systems.
+    - Logging to stdout is useful when Postfix runs in a container, as
+      it eliminates a syslogd dependency.
+    - Better handling of undocumented(!) Linux behavior
+      whether or not signals are delivered to a PID=1 process.
+    - Support for (key, list of filenames) in map source text.
+      Currently, this feature is used only by tls_server_sni_maps.
+    - Automatic retirement: dnsblog(8) and tlsproxy(8) process
+      will now voluntarily retire after after max_idle*max_use, or some
+      sane limit if either limit is disabled. Without this, a process
+      could stay busy for days or more.
+    - Postfix SMTP client support for multiple deliveries
+      per TLS-encrypted connection. This is primarily to improve mail
+      delivery performance for destinations that throttle clients when
+      they don't combine deliveries.
+      This feature is enabled with "smtp_tls_connection_reuse=yes" in
+      main.cf, or with "tls_connection_reuse=yes" in smtp_tls_policy_maps.
+      It supports all Postfix TLS security levels including dane and
+      dane-only.
+    - SNI support in the Postfix SMTP server, the
+      Postfix SMTP client, and in the tlsproxy(8) daemon (both server and
+      client roles). See the postconf(5) documentation for the new
+      tls_server_sni_maps and smtp_tls_servername parameters.
+    - Support for files that contain multiple (key, certificate, trust chain)
+      instances. This was required to implement
+      server-side SNI table lookups, but it also eliminates the need for
+      separate cert/key files for RSA, DSA, Elliptic Curve, and so on.
+    - Support for smtpd_reject_footer_maps (as well as the postscreen
+      variant postscreen_reject_footer_maps) for more informative reject
+      messages. This is indexed with the Postfix SMTP server response
+      text, and overrides the footer specified with smtpd_reject_footer.
+      One will want to use a pcre: or regexp: map with this.
+  o Bugfixes
+    - Andreas Schulze discovered that reject_multi_recipient_bounce
+      was producing false rejects with BDAT commands. This problem
+      already existed with Postfix 2.2 smtpd_end_of_data_restrictons.
+      Postfix 3.4.4 fixes both. 
+
 -------------------------------------------------------------------
 Tue Mar  5 13:21:35 UTC 2019 - Jiri Slaby <jslaby@suse.com>
 

postfix.spec

@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
 
@@ -55,7 +55,7 @@
 %bcond_with    libnsl
 %endif
 Name:           postfix
-Version:        3.3.3
+Version:        3.4.4
 Release:        0
 Summary:        A fast, secure, and flexible mailer
 License:        IPL-1.0 OR EPL-2.0