| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: postfix | Distribution: openSUSE:Factory:zSystems |
| Version: 3.8.4 | Vendor: openSUSE |
| Release: 2.1 | Build date: Thu Dec 28 23:29:37 2023 |
| Group: Productivity/Networking/Email/Servers | Build host: s390zl24 |
| Size: 3521722 | Source RPM: postfix-3.8.4-2.1.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: http://www.postfix.org | |
| Summary: A fast, secure, and flexible mailer | |
Postfix aims to be an alternative to the widely-used sendmail program.
EPL-2.0 OR IPL-1.0
* Thu Dec 28 2023 Dirk Müller <dmueller@suse.com>
- update default configuration to enable the long-term fix for
bsc#1218304, CVE-2023-51764, SMTP smuggling attack:
* smtpd_forbid_bare_newline = yes
* smtpd_forbid_bare_newline_exclusions = $mynetworks
* Fri Dec 22 2023 Arjen de Korte <suse+build@de-korte.org>
- update to 3.8.4 (bsc#1218304, CVE-2023-51764):
* Security: this release adds support to defend
against an email spoofing attack (SMTP smuggling) on
recipients at a Postfix server. For background, see
https://www.postfix.org/smtp-smuggling.html
* Fri Nov 03 2023 Arjen de Korte <suse+build@de-korte.org>
- update to 3.8.3
* Bugfix (defect introduced Postfix 2.5, date 20080104): the
Postfix SMTP server was waiting for a client command instead
of replying immediately, after a client certificate verification
error in TLS wrappermode. Reported by Andreas Kinzler.
* Usability: the Postfix SMTP server (finally) attempts to log
the SASL username after authentication failure. In Postfix
logging, this appends ", sasl_username=xxx" after the reason
for SASL authentication failure. The logging replaces an
unavailable reason with "(reason unavailable)", and replaces
an unavailable sasl_username with "(unavailable)". Based on
code by Jozsef Kadlecsik.
* Compatibility bugfix (defect introduced: Postfix 2.11, date
20130405): in forward_path, the expression ${recipient_delimiter}
would expand to an empty string when a recipient address had
no recipient delimiter. The compatibility fix is to use a
configured recipient delimiter value instead. Reported by Tod
A. Sandman.
* Mon Oct 23 2023 Peter Varkoly <varkoly@suse.com>
- Syntax error in update_postmaps script (bsc#1216061)
* Mon Sep 18 2023 Peter Varkoly <varkoly@suse.com>
- postfix: config.postfix causes too tight permission on main.cf
(bsc#1215372)
* Tue Aug 15 2023 Peter Varkoly <varkoly@suse.com>
- CVE-2023-32182: postfix: config_postfix SUSE specific script
potentially bad /tmp file usage (bsc#1211196)
Use temp file created by mktemp
* Tue Jun 06 2023 Arjen de Korte <suse+build@de-korte.org>
- update to 3.8.1
* Optional: harden a Postfix SMTP server against remote SMTP
clients that violate RFC 2920 (or 5321) command pipelining
constraints. With "smtpd_forbid_unauth_pipelining = yes", the
server disconnects a client immediately, after responding with
"554 5.5.0 Error: SMTP protocol synchronization" and after
logging "improper command pipelining" with the unexpected remote
SMTP client input. This feature is disabled by default in Postfix
3.5-3.8 to avoid breaking home-grown utilities, but it is enabled
by default in Postfix 3.9. A similar feature is enabled by
default in the Exim SMTP server.
* Optional: some OS distributions crank up TLS security to 11,
and in doing so increase the number of plaintext email deliveries.
This introduces basic OpenSSL configuration file support that
may be used to override OS-level settings.
Details are in the postconf(5) manpage under tls_config_file
and tls_config_name.
* Bugfix (defect introduced: Postfix 1.0): the command "postconf
.. name=v1 .. name=v2 .." (multiple instances of the same
parameter name) created multiple main.cf name=value entries
with the same parameter name. It now logs a warning and skips
the earlier name(s) and value(s). Found during code maintenance.
* Bugfix (defect introduced: Postfix 3.3): the command "postconf
- M name1/type1='name2 type2 ...'" died with a segmentation
violation when the request matched multiple master.cf entries.
The master.cf file was not damaged. Problem reported by SATOH
Fumiyasu.
* Bugfix (defect introduced: Postfix 2.11): the command "postconf
- M name1/type1='name2 type2 ...'" could add a service definition
to master.cf that conflicted with an already existing service
definition. It now replaces all existing service definitions
that match the service pattern 'name1/type1' or the service
name and type in 'name2 type2 ...' with a single service
definition 'name2 type2 ...'. Problem reported by SATOH Fumiyasu.
* Bugfix (defect introduced: Postfix 3.8) the posttls-finger
command could access uninitialized memory when reconnecting.
This also fixes a malformed warning message when a destination
contains ":service" information. Reported by Thomas Korbar.
* Bugfix (defect introduced: Postfix 3.2): the MySQL client could
return "not found" instead of "error" (for example, resulting
in a 5XX SMTP status instead of 4XX) during the time that all
MySQL server connections were turned down after error. Found
during code maintenance. File: global/dict_mysql.c. This was
already fixed in Postfix 3.4-3.7.
* Thu May 04 2023 Dominique Leuenberger <dimstar@opensuse.org>
- Add _multibuild to define 2nd spec file as additional flavor.
Eliminates the need for source package links in OBS.
* Tue Apr 18 2023 Arjen de Korte <suse+build@de-korte.org>
- update to 3.8.0
* Support to look up DNS SRV records in the Postfix SMTP/LMTP
client, Based on code by Tomas Korbar (Red Hat). For example,
with "use_srv_lookup = submission" and "relayhost =
example.com:submission", the Postfix SMTP client will look up
DNS SRV records for _submission._tcp.example.com, and will relay
email through the hosts and ports that are specified with those
records.
* TLS obsolescence: Postfix now treats the "export" and "low"
cipher grade settings as "medium". The "export" and "low" grades
are no longer supported in OpenSSL 1.1.1, the minimum version
required in Postfix 3.6.0 and later. Also, Postfix default
settings now exclude deprecated or unused ciphers (SEED, IDEA,
3DES, RC2, RC4, RC5), digest (MD5), key exchange algorithms
(DH, ECDH), and public key algorithm (DSS).
* Attack resistance: the Postfix SMTP server can now aggregate
smtpd_client_*_rate and smtpd_client_*_count statistics by
network block instead of by IP address, to raise the bar against
a memory exhaustion attack in the anvil(8) server; Postfix TLS
support unconditionally disables TLS renegotiation in the middle
of an SMTP connection, to avoid a CPU exhaustion attack.
* The PostgreSQL client encoding is now configurable with the
"encoding" Postfix configuration file attribute. The default
is "UTF8". Previously the encoding was hard-coded as "LATIN1",
which is not useful in the context of SMTP.
* The postconf command now warns for #comment in or after a Postfix
parameter value. Postfix programs do not support #comment after
other text, and treat that as input.
- rebase/refresh patches
* pointer_to_literals.patch
* postfix-linux45.patch
* postfix-master.cf.patch
* postfix-ssl-release-buffers.patch
* set-default-db-type.patch
* Sat Feb 25 2023 Otto Hollmann <otto.hollmann@suse.com>
- update to 3.7.4
* Workaround: with OpenSSL 3 and later always turn on
SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages and missed
opportunities for TLS session reuse. This is safe because the SMTP protocol
implements application-level framing, and is therefore not affected by TLS
truncation attacks.
* Workaround: OpenSSL 3.x EVP_get_digestbyname() can return lazily-bound
handles for digest implementations. In sufficiently hostile configurations,
Postfix could mistakenly believe that a digest algorithm is available, and
fail when it is not. A similar workaround may be needed for
EVP_get_cipherbyname().
* Bugfix (bug introduced in Postfix 2.11): the checkok() macro in
tls/tls_fprint.c evaluated its argument unconditionally; it should evaluate
the argument only if there was no prior error.
* Bugfix (bug introduced in Postfix 2.8): postscreen died with a segmentation
violation when postscreen_dnsbl_threshold < 1. It should reject such input
with a fatal error instead.
* Bitrot: fixes for linker warnings from newer Darwin (MacOS) versions.
* Portability: Linux 6 support.
* Added missing documentation that cidr:, pcre: and regexp: tables support
inline specification only in Postfix 3.7 and later.
* Rebased postfix-linux45.patch
* Thu Feb 09 2023 Peter Varkoly <varkoly@suse.com>
- SELinux: postfix denied to access /var/spool/postfix/pid/master.pid
(bsc#1207177) Apply proposed changes in postfix.service
- remove patch included into the source:
harden_postfix.service.patch
* Wed Jan 25 2023 Thorsten Kukuk <kukuk@suse.com>
- Disable NIS support on Factory (deprecated and will be removed)
* Wed Jan 18 2023 Hu <cathy.hu@suse.com>
- Fix SELinux labeling issue caused by /usr/sbin/config.postfix (bsc#1207227).
* Mon Nov 14 2022 Peter Varkoly <varkoly@suse.com>
- postfix default main.cf myhostname default causes conflict
(bsc#1192173)
Use the postfix build in defaults for myhostname and mydestination
* Sun Oct 09 2022 Michael Ströder <michael@stroeder.com>
- update to 3.7.3
* Fixed a bug where some messages were not delivered after
"warning: Unexpected record type 'X'.
* Workaround: in a TLS server disable Postfix's 1-element internal session
cache, to work around an OpenSSL 3.0 regression that broke TLS handshakes.
* Code health: the fix for milter_header_checks (3.7.1, 3.6.6, 3.5.16, 3.4.26)
introduced a missing msg_panic() argument (in code that never executes).
* Code health: Postfix 3.3.0 introduced an uninitialized verify_append()
request status in case of a null original recipient address.
* Postfix 3.5.0 introduced debug logging noise in map_search_create().
* Tue Sep 06 2022 Ludwig Nussel <lnussel@suse.de>
- own /var/spool/mail (boo#1179574)
* Thu Aug 04 2022 chris@computersalat.de
- use correct source signature file (gpg2)
* Mon Jul 11 2022 chris@computersalat.de
- update to 3.7.2
https://de.postfix.org/ftpmirror/official/postfix-3.7.2.RELEASE_NOTES
- rebase patches
* pointer_to_literals.patch
* postfix-linux45.patch
* postfix-main.cf.patch
* postfix-master.cf.patch
* postfix-no-md5.patch
* postfix-ssl-release-buffers.patch
* postfix-vda-v14-3.0.3.patch
* set-default-db-type.patch
- build against libpcre2
* Tue May 10 2022 chris@computersalat.de
- remove *.swp from postfix-SUSE.tar.gz
* Tue May 03 2022 chris@computersalat.de
- fix config.postfix 'hash' leftover with relay_recipients
- update postfix-main.cf.patch about
* smtp_tls_security_level (obsoletes smtp_use_tls, smtp_enforce_tls)
* smtpd_tls_security_level (obsoletes smtpd_use_tls, smtpd_enforce_tls)
- rebase/refresh patches
* harden_postfix.service.patch
* postfix-avoid-infinit-loop-if-no-permission.patch
* postfix-master.cf.patch
* postfix-vda-v14-3.0.3.patch
* set-default-db-type.patch
* Mon May 02 2022 Dominique Leuenberger <dimstar@opensuse.org>
- Change ed requires to /usr/bin/ed: allow busybox-ed to be used
inside containers.
* Mon Apr 25 2022 Marcus Rueckert <mrueckert@suse.de>
- add missing requires for config.postfix and the postfix
postinstall script: perl and ed
* Mon Apr 18 2022 Michael Ströder <michael@stroeder.com>
- update to 3.6.6
* (problem introduced: Postfix 2.7) The milter_header_checks maps
are now opened before the cleanup(8) server enters the chroot
jail.
* In an internal client module, "host or service not found" was
a fatal error, causing the milter_default_action setting to be
ignored. It is now a non-fatal error, just like a failure to
connect.
* The proxy_read_maps default value was missing up to 27 parameter
names. The corresponding lookup tables were not automatically
authorized for use with the proxymap(8) service. The parameter
names were ending in _checks, _reply_footer, _reply_filter,
_command_filter, and _delivery_status_filter.
* (problem introduced: Postfix 3.0) With dynamic map loading
enabled, an attempt to create a map with "postmap regexp:path"
would result in a bogus error message "Is the postfix-regexp
package installed?" instead of "unsupported map type for this
operation". This happened with all non-dynamic map types (static,
cidr, etc.) that have no 'bulk create' support.
* Mon Apr 04 2022 Peter Varkoly <varkoly@suse.com>
- config.postfix fails to set smtp_tls_security_level
(bsc#1192314)
* Tue Mar 29 2022 Илья Индиго <ilya@ilya.cf>
- Refreshed spec-file via spec-cleaner and manual optimizated.
* Added -p flag to all install commands.
* Removed -f flag from all ln commands.
- Changed file harden_postfix.service.patch (boo#1191988).
* Fri Mar 18 2022 Michael Ströder <michael@stroeder.com>
- update to 3.6.5
* Glibc 2.34 implements closefrom(). This was causing a conflict
with Postfix's implementation for systems that have no closefrom()
implementation.
* Support for Berkeley DB version 18.
- removed obsolete postfix-3.6.2-glibc-234-build-fix.patch
* Mon Mar 14 2022 Peter Varkoly <varkoly@suse.com>
- Postfix on start don't run postalias /etc/postfix/aliases
(error open database /etc/postfix/aliases.lmdb). (bsc#1197041)
Apply proposed patch
* Wed Feb 09 2022 Peter Varkoly <varkoly@suse.com>
- config.postfix can't handle symlink'd /etc/resolv.cof
(bsc#1195019)
Adapt proposed change: using "cp -afL" by copying.
* Tue Jan 18 2022 Michael Ströder <michael@stroeder.com>
- Update to 3.6.4
* Bug introduced in bugfix 20210708: duplicate bounce_notice_recipient
entries in postconf output. This was caused by an incomplete
fix to send SMTP session transcripts to $bounce_notice_recipient.
* Bug introduced in Postfix 3.0: the proxymap daemon did not
automatically authorize proxied maps inside pipemap (example:
pipemap:{proxy:maptype:mapname, ...}) or inside unionmap.
* Bug introduced in Postfix 2.5: off-by-one error while writing
a string terminator. This code passed all memory corruption
tests, presumably because it wrote over an alignment padding
byte, or over an adjacent character byte that was never read.
* The proxymap daemon did not automatically authorize map features
added after Postfix 3.3, caused by missing *_maps parameter
names in the proxy_read_maps default value. Found during code
maintenance.
* Mon Nov 08 2021 Michael Ströder <michael@stroeder.com>
- Update to 3.6.3
* (problem introduced in Postfix 2.4, released in 2007): queue
file corruption after a Milter (for example, MIMEDefang) made
a request to replace the message body with a copy of that message
body plus additional text (for example, a SpamAssassin report).
* (problem introduced in Postfix 2.10, released in 2012): The
postconf "-x" option could produce incorrect output, because
multiple functions were implicitly sharing a buffer for
intermediate results. Problem report by raf, root cause analysis
by Viktor Dukhovni.
* (problem introduced in Postfix 2.11, released in 2013): The
check_ccert_access feature worked as expected, but produced a
spurious warning when Postfix was built without SASL support.
Fix by Brad Barden.
* Fix for a compiler warning due to a missing 'const' qualifier
when compiling Postfix with OpenSSL 3. Depending on compiler
settings this could cause the build to fail.
* The known_tcp_ports settings had no effect. It also wasn't fully
implemented. Problem report by Peter.
* Fix for missing space between a hostname and warning text.
* Fri Oct 22 2021 Dirk Stoecker <opensuse@dstoecker.de>
- Ensure postfix can write to home directory or server side
filtering wont work (sieve)
* Fri Oct 22 2021 Johannes Segitz <jsegitz@suse.com>
- Ensure service can write to /etc/postfix
* Thu Oct 21 2021 Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service (bsc#1181400). Added
harden_postfix.service.patch
* Thu Oct 07 2021 Peter Varkoly <varkoly@suse.com>
- config.postfix not updatet after lmdb switch
(bsc#1190945)
Adapt config.postfix
* Thu Aug 26 2021 Peter Varkoly <varkoly@suse.com>
- postfix master.cf: to include "submissions" service
(bsc#1189684)
Adapt master.cf patch
* Tue Aug 24 2021 Peter Varkoly <varkoly@suse.com>
- postfix fails with glibc 2.34
Define HAS_CLOSEFROM
(bsc#1189101)
add patch
- postfix-3.6.2-glibc-234-build-fix.patch
* Thu Aug 05 2021 chris@computersalat.de
- fix config.postfix (follow up of bsc#1188477)
* Mon Jul 26 2021 Peter Varkoly <varkoly@suse.com>
- Syntax error in config.postfix
(bsc#1188477)
* Sun Jul 25 2021 Michael Ströder <michael@stroeder.com>
- Update to 3.6.2
* In Postfix 3.6, fixed a false "Result too large" (ERANGE) fatal
error in the compatibility_level parser, because there was no
'errno = 0' statement before an strtol() call.
* (problem introduced in Postfix 3.3) "Null pointer read" error
in the cleanup daemon when "header_from_format = standard" (the
default as of Postfix 3.3), and email was submitted with
/usr/sbin/sendmail without From: header, and an all-space full
name was specified in 1) the password file, 2) with "sendmail
- F", or 3) with the NAME environment variable. Found by Renaud
Metrich.
* (problem introduced in Postfix 2.4) False "too many reverse
jump" warnings in the showq daemon, because loop detection code
was comparing memory addresses instead of queue file names.
Reported by Mehmet Avcioglu.
* (problem introduced in 1999) The Postfix SMTP server was sending
all session transcripts to the error_notice_recipient (default:
postmaster), instead of sending transcripts of bounced mail to
the bounce_notice_recipient (default: postmaster). Reported by
Hans van Zijst.
* The texthash: map implementation broke tls_server_sni_maps,
because it did not support multi-file inputs. Reported by
Christopher Gurnee, who also found an instance of the missing
code in the "postmap -F" source code. File: util/dict_thash.c.
* Wed Jul 14 2021 Peter Varkoly <varkoly@suse.com>
- spamd wants to start before mail-transfer-agent.target, but that target doesn't exist
(bsc#1066854)
* Tue Jul 06 2021 Christian Wittmer <chris@computersalat.de>
- postfix-SUSE
* rework sysconfig.postfix, add
- POSTFIX_WITH_DKIM
- POSTFIX_DKIM_CONN
* rework config.postfix for main.cf
- with_dkim
- update postfix-main.cf.patch
* add OpenDKIM settings
* Wed Jun 23 2021 Christian Wittmer <chris@computersalat.de>
- postfix-mysql
* add mysql_relay_recipient_maps.cf
- postfix-SUSE
* rework sysconfig.postfix, add
- POSTFIX_RELAY_RECIPIENTS
- POSTFIX_BACKUPMX
* add relay_recipients
* rework config.postfix for main.cf
- is_backupmx
- relay_recipient_maps
* Fri Jun 18 2021 Callum Farmer <gmbr3@opensuse.org>
- Add now working CONFIG parameter to sysusers generator
- Remove unnecessary group line from postfix-vmail-user.conf
* Mon Jun 14 2021 Michael Ströder <michael@stroeder.com>
- Update to 3.6.1
* Bugfix (introduced: Postfix 2.11): the command "postmap
lmdb:/file/name" (create LMDB database from textfile) handled
duplicate input keys ungracefully, discarding entries stored
up to and including the duplicate key, and causing a double
free() call with lmdb versions 0.9.17 and later. Reported by
Adi Prasaja; double free() root cause analysis by Howard Chu.
* Typo (introduced: Postfix 3.4): silent_discard should be
silent-discard in BDAT_README.
* Sun Jun 06 2021 Christian Wittmer <chris@computersalat.de>
- fix postfix-master.cf.patch
* set correct indentation (again) for options of
- submission (needs 3 spaces)
- smtps (needs 4 spaces)
to make config.postfix work nicely again
* Wed Jun 02 2021 Marcus Rueckert <mrueckert@suse.de>
- Update to 3.6.0
- Major changes - internal protocol identification
Internal protocols have changed. You need to "postfix stop"
before updating, or before backing out to an earlier release,
otherwise long-running daemons (pickup, qmgr, verify, tlsproxy,
postscreen) may fail to communicate with the rest of Postfix,
causing mail delivery delays until Postfix is restarted.
For more see /usr/share/doc/packages/postfix/RELEASE_NOTES
- refreshed patches to apply cleanly again:
fix-postfix-script.patch
ipv6_disabled.patch
pointer_to_literals.patch
postfix-linux45.patch
postfix-main.cf.patch
postfix-master.cf.patch
postfix-no-md5.patch
postfix-ssl-release-buffers.patch
postfix-vda-v14-3.0.3.patch
set-default-db-type.patch
* Tue Jun 01 2021 Peter Varkoly <varkoly@suse.com>
- (bsc#1186669) - postfix.service has "Requires=var-run.mount"
Remove bad requirements
* Mon Apr 12 2021 Michael Ströder <michael@stroeder.com>
- Update to 3.5.10 with security fixes:
* Missing null pointer checks (introduced in Postfix 3.4) after
an internal I/O error during the smtp(8) to tlsproxy(8) handshake.
Found by Coverity, reported by Jaroslav Skarvada. Based on a
fix by Viktor Dukhovni.
* Null pointer bug (introduced in Postfix 3.0) and memory leak
(introduced in Postfix 3.4) after an inline: table syntax error
in main.cf or master.cf. Found by Coverity, reported by Jaroslav
Skarvada. Based on a fix by Viktor Dukhovni.
* Incomplete null pointer check (introduced: Postfix 2.10) after
truncated HaProxy version 1 handshake message. Found by Coverity,
reported by Jaroslav Skarvada. Fix by Viktor Dukhovni.
* Missing null pointer check (introduced: Postfix alpha) after
null argv[0] value.
* Wed Mar 10 2021 Peter Varkoly <varkoly@suse.com>
- (bsc#1183305) - config.postfix uses db as suffix for postmaps
Depending on DEF_DB_TYPE uses lmdb or db
* Fri Mar 05 2021 Peter Varkoly <varkoly@suse.com>
- (bsc#1182833) - /usr/share/fillup-templates/sysconfig.postfix
still refers to /etc/services
Use getent to detect if smtps is already defined.
* Fri Feb 05 2021 Peter Varkoly <varkoly@suse.com>
- (bsc#1180473) [Build 20201230] postfix has invalid default config
(bsc#1181381) [Build 130.3] openQA test fails in mta, mutt -
postfix broken: "queue file write error" and "error: unsupported
dictionary type: hash"
Export DEF_DB_TYPE before starting the perl script.
* Wed Jan 27 2021 Peter Varkoly <varkoly@suse.com>
- bsc#1180473 - [Build 20201230] postfix has invalid default config
Fixing config.postfix and sysconfig.postfix
* Mon Jan 25 2021 Paolo Stivanin <info@paolostivanin.com>
- Update to 3.5.9
* improves the reporting of DNSSEC problems that may affect
DANE security
* Thu Jan 07 2021 Arjen de Korte <suse+build@de-korte.org>
- Only do the conversion from the hash/btree databases to lmdb when
the default database type changes from hash to lmdb and do not
stop and start the service (the old compiled databases can live
together with the new ones)
- convert-bdb-to-lmdb.sh
- Clean up the specfile
* Remove < 1330 conditional builds
* Use generated postfix-files instead of the obsolete one from
postfix-SUSE.tar.gz
* Use dynamicmaps.cf.d instead of modifying dynamicmaps.cf upon
(de)installation of optional mysql, pgsql and ldap subpackages
* Use default location for post-install, postfix-tls-script,
postfix-wrapper and postmulti-script
* Mon Jan 04 2021 Peter Varkoly <varkoly@suse.com>
- Set lmdb to be the default db.
- Convert btree tables to lmdb too. Stop postfix before converting from
bdb to lmdb
- This package is without bdb support. That's why convert must be done
without any suse release condition.
o remove patch postfix-no-btree.patch
o add set-default-db-type.patch
* Fri Dec 25 2020 Arjen de Korte <suse+build@de-korte.org>
- Set database type for address_verify_map and postscreen_cache_map
to lmdb (btree requires Berkeley DB)
o add postfix-no-btree.patch
* Fri Dec 25 2020 Arjen de Korte <suse+build@de-korte.org>
- Set default database type to lmdb and fix update_postmaps script
* Thu Dec 24 2020 Arjen de Korte <suse+build@de-korte.org>
- Use variable substition instead of sed to remove .db suffix and
substitute hash: for lmdb: in /etc/postfix/master.cf as well.
Check before substitution if there is something to do (to keep
rpmcheck happy).
* Tue Dec 08 2020 Peter Varkoly <varkoly@suse.com>
- bsc#1176650 L3: What is regularly triggering the "fillup"
command and changing modify-time of /etc/sysconfig/postfix?
o Remove miss placed fillup_only call from %verifyscript
* Thu Nov 26 2020 Peter Varkoly <varkoly@suse.com>
- Remove Berkeley DB dependency (JIRA#SLE-12191)
The pacakges postfix is build without Berkely DB support.
lmdb will be used instead of BDB.
The pacakges postfix-bdb is build with Berkely DB support.
o add patch for main.cf for postfix-bdb package
postfix-bdb-main.cf.patch
* Sun Nov 08 2020 Michael Ströder <michael@stroeder.com>
- Update to 3.5.8
* The Postfix SMTP client inserted <CR><LF> into message headers longer
than $line_length_limit (default: 2048), causing all subsequent header
content to become message body content.
* The postscreen daemon did not save a copy of the
postscreen_dnsbl_reply_map lookup result. This has no effect when the
recommended texthash: look table is used, but it could result in stale
data with other lookup tables.
* After deleting a recipient with a Milter, the Postfix recipient
duplicate filter was not updated; the filter suppressed requests
to add the recipient back.
* Memory leak: the static: maps did not free their casefolding buffer.
* With "smtpd_tls_wrappermode = yes", the smtps service was waiting for a
TLS handshake, after processing an XCLIENT command.
* The smtp_sasl_mechanism_filter implementation ignored table lookup
errors, treating them as 'not found'.
* The code that looks for Delivered-To: headers ignored headers longer
than $line_length_limit (default: 2048).
* Mon Aug 31 2020 Michael Ströder <michael@stroeder.com>
- Update to 3.5.7
* Fixed random certificate verification failures with
"smtp_tls_connection_reuse = yes", because tlsproxy(8) was using
the wrong global TLS context for connections that use DANE or
non-DANE trust anchors.
* Tue Aug 25 2020 Thorsten Kukuk <kukuk@suse.com>
- Move ldap into an own sub-package like all other databases
- Move manual pages to correct sub-package
* Fri Aug 21 2020 Thorsten Kukuk <kukuk@suse.com>
- Use sysusers.d to create system accounts
- Remove wrong %config for systemd directory content
* Sun Aug 09 2020 Arjen de Korte <suse+build@de-korte.org>
- Use the correct signature file for source verification
- Rename postfix-3.5.6.tar.gz.sig to postfix-3.5.6.tar.gz.asc (to
prevent confusion, as the signature file from upstream with .sig
extension is incompatible with the build service)
* Sun Jul 26 2020 Michael Ströder <michael@stroeder.com>
- Update to 3.5.6 with following fixes:
* Workaround for unexpected TLS interoperability problems when Postfix
runs on OS distributions with system-wide OpenSSL configurations.
* Memory leaks in the Postfix TLS library, the largest one
involving multiple kBytes per peer certificate.
* Thu Jul 16 2020 Arjen de Korte <suse+build@de-korte.org>
- Add source verification (add postfix.keyring)
* Fri Jul 03 2020 Thorsten Kukuk <kukuk@suse.com>
- Use systemd_ordering instead of systemd_require.
- Move /etc/postfix/system to /usr/lib/postfix/systemd [bsc#1173688]
- Drop /var/adm/SuSEconfig from %post, it does nothing.
- Rename postfix-SuSE to postfix-SUSE
- Delete postfix-SUSE/README.SuSE, company name spelled wrong,
completly outdated and not used.
- Delete postfix-SUSE/SPAMASSASSIN+POSTFIX.SuSE, company name
spelled wrong, outdated and not used.
- sysconfig.mail-postfix: Fix description of MAIL_CREATE_CONFIG,
SuSEconfig is gone since ages.
- update_chroot.systemd: Remove advice to run SuSEconfig.
- Remove rc.postfix, not used, outdated.
- mkpostfixcert: Remove advice to run SuSEconfig.
* Mon Jun 29 2020 Michael Ströder <michael@stroeder.com>
- Update to 3.5.4:
* The connection_reuse attribute in smtp_tls_policy_maps always
resulted in an "invalid attribute name" error.
* SMTP over TLS connection reuse always failed for Postfix SMTP
client configurations that specify explicit trust anchors (remote
SMTP server certificates or public keys).
* The Postfix SMTP client's DANE implementation would always send
an SNI option with the name in a destination's MX record, even
if the MX record pointed to a CNAME record. MX records that
point to CNAME records are not conformant with RFC5321, and so
are rare.
Based on the DANE survey of ~2 million hosts it was found that
with the corrected SMTP client behavior, sending SNI with the
CNAME-expanded name, the SMTP server would not send a different
certificate. This fix should therefore be safe.
* Mon Jun 15 2020 Michael Ströder <michael@stroeder.com>
- Update to 3.5.3:
* TLS handshake failure in the Postfix SMTP server during SNI
processing, after the server-side TLS engine sent a TLSv1.3
HelloRetryRequest (HRR) to a remote SMTP client.
* The command "postfix tls deploy-server-cert" did not handle a
missing optional argument. This bug was introduced in Postfix
3.1.
* Sun May 17 2020 Michael Ströder <michael@stroeder.com>
- Update to 3.5.2:
* A TLS error for a database client caused a false 'lost connection'
error for an SMTP over TLS session in the same Postfix process.
This bug was introduced with Postfix 2.2.
* The same bug existed in the tlsproxy(8) daemon, where a TLS
error for one TLS session could cause a false 'lost connection'
error for a concurrent TLS session in the same process. This
bug was introduced with Postfix 2.8.
* The Postfix build now disables DANE support on Linux systems
with libc-musl such as Alpine, because libc-musl provides no
indication whether DNS responses are authentic. This broke DANE
support without a clear explanation.
* Due to implementation changes in the ICU library, some Postfix
daemons reported file access errrors (U_FILE_ACCESS_ERROR) after
chroot(). This was fixed by initializing the ICU library before
making the chroot() call.
* Minor code changes to silence a compiler that special-cases
string literals.
* Segfault (null pointer) in the tlsproxy(8) client role when the
server role was disabled. This typically happened on systems
that do not receive mail, after configuring connection reuse
for outbound SMTP over TLS.
* The date portion of the maillog_file_rotate_suffix default value
used the minute (%M) instead of the month (%m).
* Mon May 11 2020 Arjen de Korte <suse+build@de-korte.org>
- boo#1106004 fix incorrect locations for files in postfix-files
* Sun Apr 19 2020 Michael Ströder <michael@stroeder.com>
- Dropped deprecated-RES_INSECURE1.patch to make DNSSEC-secured
lookups and DANE mail transport work again
- Update to 3.5.1:
* Support for the haproxy v2 protocol. The Postfix implementation
supports TCP over IPv4 and IPv6, as well as non-proxied
connections; the latter are typically used for heartbeat tests.
* Support to force-expire email messages. This introduces new
postsuper(1) command-line options to request expiration, and
additional information in mailq(1) or postqueue(1) output.
* The Postfix SMTP and LMTP client support a list of nexthop
destinations separated by comma or whitespace. These destinations
will be tried in the specified order.
* Incompatible changes:
* Logging: Postfix daemon processes now log the from= and to=
addresses in external (quoted) form in non-debug logging (info,
warning, etc.). This means that when an address localpart
contains spaces or other special characters, the localpart will
be quoted, for example:
from=<"name with spaces"@example.com>
Specify "info_log_address_format = internal" for backwards compatibility.
* Postfix now normalizes IP addresses received with XCLIENT,
XFORWARD, or with the HaProxy protocol, for consistency with
direct connections to Postfix. This may change the appearance
of logging, and the way that check_client_access will match
subnets of an IPv6 address.
* Fri Mar 13 2020 Michael Ströder <michael@stroeder.com>
- Update to 3.4.10:
* Bug (introduced: Postfix 2.3): Postfix Milter client state
was not properly reset after one Milter in a multi-Milter
configuration failed during MAIL FROM, resulting in a Postfix
Milter client panic during the next MAIL FROM command in the
same SMTP session.
* Fri Feb 07 2020 Peter Varkoly <varkoly@suse.com>
- bsc#1162891 server:mail/postfix: cond_slp bug on TW after
moving /etc/services to /usr/etc/services
* Wed Feb 05 2020 Peter Varkoly <varkoly@suse.com>
- bsc#1160413 postfix fails with -fno-common
* Mon Feb 03 2020 Michael Ströder <michael@stroeder.com>
- Update to 3.4.9:
* Bug (introduced: Postfix 3.1): smtp_dns_resolver_options were
broken while adding support for negative DNS response caching
in postscreen. Postfix was inadvertently changed to call
res_query() instead of res_search().
* Bug (introduced: Postfix 2.5): Postfix ignored the CONNECT macro
overrides from a Milter application. Postfix now evaluates the
Milter macros for an SMTP CONNECT event after the Postfix-to-Milter
connection is negotiated.
* Bug (introduced: Postfix 3.0): sanitize (remote) server responses
before storing them in the verify database, to avoid Postfix
warnings about malformed UTF8. Found during code maintenance.
/etc/aliases.lmdb /etc/pam.d/smtp /etc/permissions.d/postfix /etc/permissions.d/postfix.paranoid /etc/postfix /etc/postfix/*.lmdb /etc/postfix/access /etc/postfix/aliases /etc/postfix/bounce.cf.default /etc/postfix/canonical /etc/postfix/generic /etc/postfix/header_checks /etc/postfix/helo_access /etc/postfix/main.cf /etc/postfix/main.cf.default /etc/postfix/master.cf /etc/postfix/openssl_postfix.conf.in /etc/postfix/relay /etc/postfix/relay_ccerts /etc/postfix/relay_recipients /etc/postfix/relocated /etc/postfix/sasl_passwd /etc/postfix/sender_canonical /etc/postfix/ssl /etc/postfix/ssl/cacerts /etc/postfix/ssl/certs /etc/postfix/transport /etc/postfix/virtual /etc/sasl2 /etc/sasl2/smtpd.conf /usr/bin/mailq /usr/bin/newaliases /usr/lib/postfix /usr/lib/postfix/bin /usr/lib/postfix/bin/anvil /usr/lib/postfix/bin/bounce /usr/lib/postfix/bin/cleanup /usr/lib/postfix/bin/discard /usr/lib/postfix/bin/dnsblog /usr/lib/postfix/bin/error /usr/lib/postfix/bin/flush /usr/lib/postfix/bin/lmtp /usr/lib/postfix/bin/local /usr/lib/postfix/bin/master /usr/lib/postfix/bin/nqmgr /usr/lib/postfix/bin/oqmgr /usr/lib/postfix/bin/pickup /usr/lib/postfix/bin/pipe /usr/lib/postfix/bin/post-install /usr/lib/postfix/bin/postfix-script /usr/lib/postfix/bin/postfix-tls-script /usr/lib/postfix/bin/postfix-wrapper /usr/lib/postfix/bin/postlogd /usr/lib/postfix/bin/postmulti-script /usr/lib/postfix/bin/postscreen /usr/lib/postfix/bin/proxymap /usr/lib/postfix/bin/qmgr /usr/lib/postfix/bin/qmqpd /usr/lib/postfix/bin/scache /usr/lib/postfix/bin/showq /usr/lib/postfix/bin/smtp /usr/lib/postfix/bin/smtpd /usr/lib/postfix/bin/spawn /usr/lib/postfix/bin/tlsmgr /usr/lib/postfix/bin/tlsproxy /usr/lib/postfix/bin/trivial-rewrite /usr/lib/postfix/bin/verify /usr/lib/postfix/bin/virtual /usr/lib/postfix/dynamicmaps.cf /usr/lib/postfix/dynamicmaps.cf.d /usr/lib/postfix/libpostfix-dns.so /usr/lib/postfix/libpostfix-global.so /usr/lib/postfix/libpostfix-master.so /usr/lib/postfix/libpostfix-tls.so /usr/lib/postfix/libpostfix-util.so /usr/lib/postfix/main.cf.proto /usr/lib/postfix/makedefs.out /usr/lib/postfix/master.cf.proto /usr/lib/postfix/postfix-files /usr/lib/postfix/postfix-files.d /usr/lib/postfix/postfix-lmdb.so /usr/lib/postfix/postfix-pcre.so /usr/lib/postfix/systemd /usr/lib/postfix/systemd/cond_slp /usr/lib/postfix/systemd/config_postfix /usr/lib/postfix/systemd/update_chroot /usr/lib/postfix/systemd/update_postmaps /usr/lib/postfix/systemd/wait_qmgr /usr/lib/sendmail /usr/lib/systemd/system/mail-transfer-agent.target.wants /usr/lib/systemd/system/mail-transfer-agent.target.wants/postfix.service /usr/lib/systemd/system/postfix.service /usr/lib/sysusers.d/postfix-user.conf /usr/lib64/libpostfix-dns.so /usr/lib64/libpostfix-global.so /usr/lib64/libpostfix-master.so /usr/lib64/libpostfix-tls.so /usr/lib64/libpostfix-util.so /usr/sbin/check_mail_queue /usr/sbin/config.postfix /usr/sbin/mkpostfixcert /usr/sbin/postalias /usr/sbin/postcat /usr/sbin/postconf /usr/sbin/postdrop /usr/sbin/postfix /usr/sbin/postkick /usr/sbin/postlock /usr/sbin/postlog /usr/sbin/postmap /usr/sbin/postmulti /usr/sbin/postqueue /usr/sbin/postsuper /usr/sbin/qmqp-source /usr/sbin/rcpostfix /usr/sbin/sendmail /usr/sbin/smtp-sink /usr/sbin/smtp-source /usr/share/doc/packages/postfix /usr/share/doc/packages/postfix/RELEASE_NOTES /usr/share/fillup-templates/sysconfig.mail-postfix /usr/share/fillup-templates/sysconfig.postfix /usr/share/licenses/postfix /usr/share/licenses/postfix/LICENSE /usr/share/licenses/postfix/TLS_LICENSE /usr/share/man/man1/mailq.1.gz /usr/share/man/man1/newaliases.1.gz /usr/share/man/man1/postalias.1.gz /usr/share/man/man1/postcat.1.gz /usr/share/man/man1/postconf.1.gz /usr/share/man/man1/postdrop.1.gz /usr/share/man/man1/postfix-tls.1.gz /usr/share/man/man1/postfix.1.gz /usr/share/man/man1/postkick.1.gz /usr/share/man/man1/postlock.1.gz /usr/share/man/man1/postlog.1.gz /usr/share/man/man1/postmap.1.gz /usr/share/man/man1/postmulti.1.gz /usr/share/man/man1/postqueue.1.gz /usr/share/man/man1/postsuper.1.gz /usr/share/man/man1/sendmail.1.gz /usr/share/man/man5/access.5.gz /usr/share/man/man5/aliases.5.gz /usr/share/man/man5/body_checks.5.gz /usr/share/man/man5/bounce.5.gz /usr/share/man/man5/canonical.5.gz /usr/share/man/man5/cidr_table.5.gz /usr/share/man/man5/generic.5.gz /usr/share/man/man5/header_checks.5.gz /usr/share/man/man5/lmdb_table.5.gz /usr/share/man/man5/master.5.gz /usr/share/man/man5/memcache_table.5.gz /usr/share/man/man5/nisplus_table.5.gz /usr/share/man/man5/pcre_table.5.gz /usr/share/man/man5/postconf.5.gz /usr/share/man/man5/postfix-wrapper.5.gz /usr/share/man/man5/regexp_table.5.gz /usr/share/man/man5/relocated.5.gz /usr/share/man/man5/socketmap_table.5.gz /usr/share/man/man5/sqlite_table.5.gz /usr/share/man/man5/tcp_table.5.gz /usr/share/man/man5/transport.5.gz /usr/share/man/man5/virtual.5.gz /usr/share/man/man8/anvil.8.gz /usr/share/man/man8/bounce.8.gz /usr/share/man/man8/cleanup.8.gz /usr/share/man/man8/defer.8.gz /usr/share/man/man8/discard.8.gz /usr/share/man/man8/dnsblog.8.gz /usr/share/man/man8/error.8.gz /usr/share/man/man8/flush.8.gz /usr/share/man/man8/lmtp.8.gz /usr/share/man/man8/local.8.gz /usr/share/man/man8/master.8.gz /usr/share/man/man8/oqmgr.8.gz /usr/share/man/man8/pickup.8.gz /usr/share/man/man8/pipe.8.gz /usr/share/man/man8/postlogd.8.gz /usr/share/man/man8/postscreen.8.gz /usr/share/man/man8/proxymap.8.gz /usr/share/man/man8/qmgr.8.gz /usr/share/man/man8/qmqpd.8.gz /usr/share/man/man8/scache.8.gz /usr/share/man/man8/showq.8.gz /usr/share/man/man8/smtp.8.gz /usr/share/man/man8/smtpd.8.gz /usr/share/man/man8/spawn.8.gz /usr/share/man/man8/tlsmgr.8.gz /usr/share/man/man8/tlsproxy.8.gz /usr/share/man/man8/trace.8.gz /usr/share/man/man8/trivial-rewrite.8.gz /usr/share/man/man8/verify.8.gz /usr/share/man/man8/virtual.8.gz /var/adm/backup/postfix /var/lib/postfix /var/mail /var/spool/mail /var/spool/postfix /var/spool/postfix/active /var/spool/postfix/bounce /var/spool/postfix/corrupt /var/spool/postfix/defer /var/spool/postfix/deferred /var/spool/postfix/flush /var/spool/postfix/hold /var/spool/postfix/incoming /var/spool/postfix/maildrop /var/spool/postfix/pid /var/spool/postfix/private /var/spool/postfix/public /var/spool/postfix/saved /var/spool/postfix/trace
Generated by rpm2html 1.8.1
Fabrice Bellet, Sat Mar 9 12:50:11 2024