20181014
Cleanup: figured out why vstring_get() did not return
VSTREAM_EOF in APPEND mode.
20181104
Multiple 'bit rot' fixes for OpenSSL API changes, including
support to disable TLSv1.3, to avoid issuing multiple session
tickets, and to allow OpenSSL >= 1.1.0 run-time micro version
bumps without complaining about library version mismatches.
20181105
Feature: "postmap -F" reads a source file with (key, filename)
entries, and creates database records with (key, base64-encoded
filecontent). This feature will be used for SNI lookup
table support, where each key will be a domainname, and
each value will contain a sequence of (private key, certificate
hierarchy) for that domainname. The same 'value is filename'
behavior is implemented in cidr:, inline:, pcre:, randmap:,
regexp:, and static: maps if the application sets the flag
DICT_FLAG_RHS_IS_FILE. In the forseeable future, this will
Simplify some ports where DragonFlyBSD no longer needs to be special-cased.
Submitted by: rene
Reviewed by: bapt, jbeich
Differential Revision: https://reviews.freebsd.org/D17724
Changelog:
20180224
Workaround: postconf build did not abort if the m4 command
is not installed (on a system that does have the make command,
the awk command, the perl command, and the C compiler?!).
File: postconf/extract_cfg.sh.
20180303
Portability: slight differences between MySQL and MariaDB.
Olli Hauer. File: global/dict_mysql.c.
20180306
Bugfix (introduced: 19990302): when luser_relay specifies
a non-existent local address, the luser_relay feature becomes
a black hole. Reported by Juergen Thomsen. File: local/unknown.c.
Portability: FreeBSD 11 is supported. Files: makedefs,
util/sys_defs.h.
Firt definition of MARIADB_VERSION_ID can be found in mariadb102
therefore we have to use MARIADB_BASE_VERSION which is defined in
mariadb55 and mariadb10x
PR: 226266 [1], 220224
Reported by: Zilon [1]
- license is now dual (see Changelog 20180203)
- make EAI optional but on by default [1]
20180128
Documentation: the tcp_table(5) manpage now documents the
absence of substring lookups. File: proto/tcp_table.
20180203
Licence: in addition to the historical IBM Public License
1.0, this software is now also distributed with the more
recent Eclipse Public License 2.0. Recipients can choose
to take the software under the license of their choice.
Those who are more comfortable with the IPL can continue
with that license. File: LICENSE.
PR: ports/221619 [1]
Submitted by: Kubilay Kocak (koobs@)
Incompatible changes with snapshot 201800107
--------------------------------------------
This release changes the format of 'full name' information in
Postfix-generated From: headers, when a local program such as
/bin/mail submits a message without From: header.
Postfix-generated From: headers with 'full name' information are
now formatted as "From: name <address>" by default. Specify
"header_from_format = obsolete" to get the earlier form "From:
address (name)". See the postconf(5) manpage for more details.
Changelog:
20170923
Bugfix (introduced: Postfix 3.2): panic in the postqueue
command after output write error while listing the queue.
This change restores a write error check that was lost with
the Postfix 3.2.2 rewrite of the vbuf_print formatter.
Problem reported by Andreas Schulze. File: util/vbuf_print.c.
20170827
Safety: in vstream_buf_space(), add a sanity check to reject
negative request sizes, instead of letting the program fail
later. File: util/vstream.c
Bugfix: in tests that enable the VSTRING_FLAG_EXACT flag,
vstring_buf_put_ready() could fail to extend the buffer,
causing infinite recursion in VBUF_PUT(). File: util/vstring.c.
20170830
Bugfix: in vbuf_print(), save the parser-produced format
string before calling msg_panic(), so that the panic message
will not display its own format string. File: util/vbuf_print.c.
20170831
Portability (introduced Postfix 1.0): possible cause for
panic in postqueue when listing the deferred queue. This
assigned the result from unsigned integer subtraction to a
signed integer, followed by a safety check to ensure that
the result was non-negative. This assignment relied on
undefined behavior, meaning that a compiler may eliminate
the safety check, causing the program to fail later. File:
postqueue/showq_compat.c.
20170910
Safety: restore sanity checks for dynamically-specified
width and precision in format strings (%*, %.*, and %*.*).
These checks were lost with the Postfix 3.2.2 rewrite of
the vbuf_print formatter. File: vbuf_print.c.
Changelog:
20170505
Workaround for a current problem where some destination
announces primarily IPv6 MX addresses, the smtp_address_limit
eliminates most or all IPv4 addresses, and the destination
is not reachable over IPv6. This workaround is enabled with
"smtp_balance_mx_inet_protocols = yes", which is the default.
Files: smtp/smtp.c, smtp/smtp_params.c, smtp/smtp_addr.c,
global/mail_params.h, proto/postconf.proto.
20170506
A last-minute cosmetic fix had introduced a bug in
smtp/smtp_addr.c.
20170512
Bugfix (introduced: Postfix 2.0): the MIME nesting level
counter was not initialized (i.e. left at the memory fill
pattern 0xffffffff which equals -1). This broke unit tests
with a different memory allocator. Changing the value to
zero would break backwards compatibility (reject mail that
was previously not rejected). Files: global/mime_state.c.
20170531
Bugfix (introduced: Postfix 3.2): after the table lookup
overhaul, the check_sender_access and check_recipient_access
features ignored the parent_domain_matches_subdomains
setting. Reported by Henrik Larsson. File: smtpd/smtpd_check.c.
Workaround (introduced: Postfix 3.2): mail_addr_find() logs
a warning that it does not support both parent-domain and
dot-parent-domain style lookups in the same call. File:
global/mail_addr_find.c
20170610
Workaround (introduced: Postfix 3.0 20140718): prevent MIME
downgrade of Postfix-generated message/delivery-status.
It's supposed to be 7bit, therefore quoted-printable encoding
is not expected. Problem reported by Griff. File:
bounce/bounce_notify_util.c.
Documentation: indicate that the transport_mumble parameters
are implemented by the queue manager, not by delivery agents.
Files: mantools/postlink, local/local.c, pipe/pipe.c,
*qmgr/qmgr.c, smtp/smtp.c, virtual/virtual.c.
20170611
Security: Berkeley DB 2 and later try to read settings from
a file DB_CONFIG in the current directory. This undocumented
feature may introduce undisclosed vulnerabilities resulting in
privilege escalation with Postfix set-gid programs (postdrop,
postqueue) before they chdir to the Postfix queue directory,
and with the postmap and postalias commands depending on whether
the user's current directory is writable by other users. This
fix does not change Postfix behavior for Berkeley DB < 3.
File: util/dict_db.c.
20161205
Cleanup: log the sender address when rejecting a too large
message size in a "MAIL FROM:<sender> SIZE=nnn" command.
File: smtpd/smtpd.c.
20161206
Bugfix (introduced: Postfix 3.0): when receiving a MAIL
FROM...SMTPUTF8 command while smtpd_delay_reject=no, enable
SMTPUTF8 support before processing smtpd_sender_restrictions.
Problem reported by Viktor Dukhovni. File: smtpd/smtpd.c.
Bugfix (introduced: Postfix 3.0): when receiving a
VRFY...SMTPUTF8 command, enable SMTPUTF8 support while
processing smtpd_recipient_restrictions. File: smtpd/smtpd.c.
20161220
Bugfix (introduced: Postfix 2.1.0): the Postfix SMTP daemon
did not query sender_canonical_maps when rejecting unknown
senders with "smtpd_reject_unlisted_recipient = yes" or
with reject_unlisted_sender. Stephen R. van den Berg (Mr.
procmail). Files: smtpd/smtpd.c, smtpd/smtpd_check.c.
20161223
Bugfix (introduced: Postfix 3.2 snapshots): the makedefs
script produced a garbled CCARGS setting when no suitable
ICU library was found. File: makedefs.
Incompatible changes with snapshot 20161204
===========================================
Postfix 3.2 removes tentative features that were implemented
before the DANE spec was finalized:
- Support for certificate usage PKIX-EE(1),
- The ability to disable digest agility. Postfix 3.2 always behaves
as if "tls_dane_digest_agility = on.
- The ability to disable support for "TLSA 2 [01] [12]" records
that specify the digest of a trust anchor. Postfix 3.2 always
behaves as if "tls_dane_trust_anchor_digest_enable = yes".
The only reason to use post-stage is because the port needs to do
"things" at a later time, like some plist manipulation.
While there, fold post-install in do-install targets when they are
defined.
PR: 214780
Submitted by: mat
Exp-run by: antoine
Sponsored by: Absolight
20161105
Bugfix (introduced: Postfix 1.1): the postsuper command did
not count a successful rename operation after error recovery.
Problem reported by Markus Sch_nhaber. File: postsuper/postsuper.c.
Cleanup: error reporting for IDNA (non-ASCII domain name)
conversion errors, and enable_idna2003_compatibility
configuration. File: util/midna_domain.c.
Incompatible changes with snapshot 20161103
===========================================
Postfix 3.2 by default disables the 'transitional' compatibility
between IDNA2003 and IDNA2008, when converting UTF-8 domain names
to/from the ASCII form that is used in DNS lookups. This makes
Postfix behavior consistent with current versions of the Firefox
and Chrome web browsers. Specify "enable_idna2003_compatibility =
yes" for historical behavior.
This affects the conversion of, for example, the German sz and the
Greek zeta. See http://unicode.org/cldr/utility/idna.jsp for more
examples.
Major changes with snapshot 20161031
====================================
The smtpd_milter_maps feature supports per-client Milter configuration.
This overrides the global smtpd_milters setting and has the same syntax.
A lookup result of "DISABLE" turns off Milter support.
