postfix-pgsql-3.5.6-1.el7.x86_64
[42 KiB] |
Changelog
by Django (2020-08-01):
- Bugfix (introduced: Postfix 3.5.5): part of a memory leak
fix was backported to the wrong place. File: tls/tls_misc.c.
The Postfix 3.5.5 workaround did not explicitly override
the system-wide OpenSSL configuration of allowed TLS protocol
versions, for sessions where the remote SMTP client sends
SNI. It's better to be safe than sorry. File: tls/tls_server.c.
- Workaround for distros that override Postfix protocol
settings in a system-wide OpenSSL configuration file, causing
interoperability problems after an OS update. File:
tls/tls_client.c, tls/tls_server.c.
- Bugfix (introduced: Postfix 3.0): 4kbyte per session memory
leak in the Postfix TLS library, found during tests. File:
tls/tls_misc.c.
- Bugfix (introduced: Postfix 3.0): minor memory leaks in the
Postfix TLS library, found during tests. File: tls/tls_misc.c.
- Bugfix (introduced: Postfix 2.11): The Postfix smtp(8)
client did not send the right SNI name when the TLSA base
domain was a secure CNAME expansion of the MX hostname (or
non-MX nexthop domain). Domains with CNAME expanded MX hosts
are not conformant with RFC5321, and so are rare. Even more
rare are MX hosts with TLSA records for their CNAME expansion.
For this to matter, the remote SMTP server would also have
to select its certificate based on the SNI name in such a
way that the original MX host would yield a different
certificate. Among the ~2 million hosts in the DANE survey,
none meet the conditions for returning a different certificate
for the expanded CNAME. Therefore, sending the correct SNI
name should not break existing mail flows. Fixed by Viktor
Dukhovni. File: src/tls/tls_client.c.
- Bugfix (introduced: Postfix 3.4): SMTP over TLS connection
reuse was broken for configurations that use explicit trust
anchors. Reported by Thorsten Habich. Fixed by calling DANE
initialization unconditionally (WTF). File: tlsproxy/tlsproxy.c.
- Bugfix (introduced: Postfix 3.4): SMTP over TLS connection
reuse was broken for configurations that use explicit trust
anchors. Reported by Thorsten Habich. Cause: the tlsproxy
client was sending a zero certificate length. File:
tls/tls_proxy_client_print.c.
- Bugfix (introduced: Postfix 3.4): the connection_reuse
attribute in smtp_tls_policy_maps resulted in an "invalid
attribute name" error. Fix by Thorsten Habich. File:
smtp/smtp_tls_policy.c.
- Bugfix (introduced: Postfix 3.4): in the Postfix SMTP server,
the SNI callback reported an error when it was called a
second time. This happened after the server-side TLS engine
sent a TLSv1.3 HelloRetryRequest (HRR) to a remote SMTP
client. Reported by Ján Máté, fixed by Viktor Dukhovni.
File: tls/tls_misc.c.
- Bugfix (introduced: Postfix 3.1): "postfix tls deploy-server-cert"
did not handle a missing optional argument. File:
conf/postfix-tls-script.
|
postfix-pgsql-3.5.2-1.el7.x86_64
[39 KiB] |
Changelog
by Django (2020-05-18):
- Bugfix (introduced: Postfix 2.2): a TLS error for a PostgreSQL
client caused a false 'lost connection' error for an SMTP
over TLS session in the same Postfix process. Reported by
Alexander Vasarab, diagnosed by Viktor Dukhovni. File:
tls/tls_bio_ops.c.
- Bugfix (introduced: Postfix 2.8): a TLS error for one TLS
session may cause a false 'lost connection' error for a
concurrent TLS session in the same tlsproxy process. File:
tlsproxy/tlsproxy.c.
- Noise suppression: avoid "SSL_Shutdown:shutdown while in
init" warnings. File: tls/tls_session.c.
- Bitrot: avoid U_FILE_ACCESS_ERROR after chroot(), by
initializing the ICU library before making the chroot()
call. Files: util/midna_domain.[hc], global/mail_params.c.
- Bugfix (introduced: Postfix 3.5): maillog_file_rotate_suffix
default value used the minute instead of the month. Reported
by Larry Stone. Files: conf/postfix-tls-script,
proto/MAILLOG_README.html, proto/postconf.proto,
global/mail_params.h, postfix/postfix.c.
- Noise suppression: shut up a compiler that special-cases
string literals. Viktor Dukhovni. File: smtpd/smtpd_check.c.
- Security: disable DANE support on Alpine Linux because
libc-musl provides no indication whether DNS responses are
authentic. This broke DANE support without a clear explanation.
File: makedefs.
- Noise suppression: shut up a compiler that special-cases
string literals. Viktor Dukhovni. File: milter/milter.c.
- Bugfix: segfault in the tlsproxy client role when the server
role was disabled. This typically happens on systems that
do not receive mail, after configuring connection reuse for
outbound TLS. Found during program maintenance. File:
tlsproxy/tlsproxy.c.
|
postfix-pgsql-3.5.1-1.el7.x86_64
[37 KiB] |
Changelog
by Django (2020-04-21):
- Workaround for broken builds after an incompatible change
in GCC 10. Files: makedefs, Makefile.in.
- Workaround for broken DANE support after an incompatible
change in GLIBC 2.31. This avoids the need for new options
in /etc/resolv.conf. Files: dns/dns.h, dns/dns_lookup.c.
|
postfix-pgsql-3.5.0-1.el7.x86_64
[37 KiB] |
Changelog
by Django (2020-04-17):
- Removed the issuer_cn and subject_cn matches from
check_ccert_access. Files: smtpd/smtpd_check.c,
proto/postconf.proto.
- Usability: the Postfix SMTP server now logs a warning when
a configuration requests access control by client certificate,
but "smtpd_tls_ask_clientcert = no". Files: proto/postconf.proto,
smtpd/smtpd_check.c.
|
postfix-pgsql-3.4.10-1.el7.x86_64
[37 KiB] |
Changelog
by Django (2020-03-15):
- Bugfix (introduced: Postfix 2.3): panic with Postfix
multi-Milter configuration during MAIL FROM. Milter client
state was not properly reset after one of the Milters failed.
Reported by WeiYu Wu.
- Bugfix (introduced: Postfix 2.5): the Milter connect event
macros were evaluated before the Milter connection itself
had been negotiated. Problem reported by David Baergin.
Files: milter/milter.h, milter/milter.c, milter/milter8.c.
|
postfix-pgsql-3.4.9-1.el7.x86_64
[36 KiB] |
Changelog
by Django (2019-12-16):
- Bugfix (introduced: Postfix 3.1): support for
smtp_dns_resolver_options was broken while adding support
for negative DNS response caching in postscreen. Postfix
was inadvertently changed to call res_query() instead of
res_search(). Reported by Jaroslav Skarvada. File:
dns/dns_lookup.c.
- Bugfix (introduced: Postfix 3.0): sanitize server responses
before storing them in the verify database, to avoid Postfix
warnings about malformed UTF8. File: verify/verify.c.
- Usability: the parser for key/certificate chain files
rejected inputs that contain an EC PARAMETERS object. While
this is technically correct (the documentation says what
types are allowed) this is surprising behavior because the
legacy cert/key parameters will accept such inputs. For
now, the parser skips object types that it does not know
about for usability, and logs a warning because ignoring
inputs is not kosher. Viktor and Wietse. File: tls/tls_certkey.c.
- Bugfix (introduced: Postfix 2.8): don't gratuitously enable
all after-220 tests when only one such test is enabled.
This made selective tests impossible with 'good' clients.
File: postscreen/postscreen_smtpd.c.
- Bugfix: the 20180903 postscreen fix for a misleading
"PIPELINING after BDAT" warning looked at the wrong variable.
The warning now says "BDAT without valid RCPT", and the
error is no longer treated as a command PIPELINING error
(but sending BDAT is still a client error, because postscreen
rejects all RCPT commands and does not announce PIPELINING
support). File: postscreen/postscreen_smtpd.c.
|
postfix-pgsql-3.4.8-1.el7.x86_64
[34 KiB] |
Changelog
by Django (2019-09-16):
- Bugfix (introduced: Postfix 3.4): don't whitewash OpenSSL
error results after a plaintext output error. The code could
loop, and with some OpenSSL error results could flood the
log with error messages (see below for a specific case).
Problem reported by Andreas Schulze. File: tlsproxy/tlsproxy.c.
- Bitrot: don't invoke SSL_shutdown() when the SSL engine
thinks it is processing a TLS handshake. The commit at
https://github.com/openssl/openssl/commit/64193c8218540499984cd63cda41f3cd491f3f59
changed the error status, incompatibly, from SSL_ERROR_NONE
into SSL_ERROR_SSL. File: tlsproxy/tlsproxy.c.
- Bugfix (introduced: 20051222): the Dovecot client could
segfault (null pointer read) or cause an SMTP server assertion
to fail when talking to a fake Dovecot server. The client
now logs a proper error instead. Problem reported by Tim
Daesterhus. File: xsasl/xsasl_dovecot_server.c.
- Workaround for poor TCP loopback performance on LINUX, where
getsockopt(..., TCP_MAXSEG, ..) reports a TCP maximal segment
size that is 1/2 to 1/3 of the MTU. For example, with kernel
5.1.16-300.fc30.x86_64 the TCP client and server announce
an mss of 65495 in the TCP handshake, but getsockopt()
returns 32741 (less than half). As a matter of principle,
Postfix won't turn on client-side TCP_NODELAY because that
hides application performance bugs, and because that still
suffers from server-side delayed ACKs. Instead, Postfix
avoids sending "small" writes back-to-back, by choosing a
VSTREAM buffer size that is a multiple of the reported MSS.
This workaround bumps the multiplier from 2x to 4x. File:
util/vstream_tweak.c.
|
postfix-pgsql-3.4.7-1.el7.x86_64
[33 KiB] |
Changelog
by Django (2019-07-26):
- Bugfix: the documentation said tls_fast_shutdown_enable,
but the code said tls_fast_shutdown. Viktor Dukhovni. Changed
the code because no-one is expected to override the default.
File: global/mail_params.h.
- Bugfix (introduced: Postfix 3.0): the code to reset Postfix
SMTP server command counts was not called after a HaProxy
handshake failure, causing stale numbers to be reported.
The command counts are now reset in the function that reports
the counts. File: smtpd/smtpd.c.
|
postfix-pgsql-3.4.6-1.el7.x86_64
[32 KiB] |
Changelog
by Django (2019-07-03):
- Documentation: updated the BUGS section in the smtp(8) manpage
about TLS connection reuse. File: smtp/smtp.c.
- Workaround for implementations that hang Postfix while
shutting down a TLS session, until Postfix times out. With
"tls_fast_shutdown_enable = yes" (the default), Postfix no
longer waits for the TLS peer to respond to a TLS 'close'
request. This is recommended with TLSv1.0 and later. Files:
global/mail_params.h, tls/tls_session.c, and documentation.
- Bugfix (introduced: Postfix 3.0): the code to reset Postfix
SMTP server command counts was not called after a HaProxy
handshake failure, causing stale numbers to be reported.
The command counts are now reset in the function that reports
the counts. File: smtpd/smtpd.c.
|
postfix-pgsql-3.4.5-1.el7.x86_64
[31 KiB] |
Changelog
by Django (2019-04-03):
- Bugfix (introduced: Postfix 3.0): LMTP connections over
UNIX-domain sockets were cached but not reused, due to a
cache lookup key mismatch. Therefore, idle cached connections
could exhaust LMTP server resources, resulting in two-second
pauses between email deliveries. This problem was investigated
by Juliana Rodrigueiro. File: smtp/smtp_connect.c.
- With message_size_limit=0 (which is NOT DOCUMENTED), BDAT
chunks were always rejected as too large. File: smtpd/smtpd.c.
- Bugfix (introduced: Postfix 2.2): reject_multi_recipient_bounce
has been producing false rejects starting with the Postfix
2.2 smtpd_end_of_data_restrictions, and for the same reasons,
does the same with the Postfix 3.4 BDAT command. The latter
was reported by Andreas Schulze. File: smtpd/smtpd_check.c.
|
postfix-pgsql-3.4.3-1.el7.x86_64
[31 KiB] |
Changelog
by Django (2019-03-11):
- Bitrot: LINUX5s support, after some sanity checks with a
rawhide prerelease version. Files: makedefs, util/sys_defs.h.
- Bugfix (introduced: 20181226): broken DANE trust anchor
file support, caused by left-over debris from the 20181226
TLS library overhaul. Scott Kitterman. File: tls/tls_dane.c.
- Bugfix (introduced: Postfix-1.0.1): null pointer read, while
logging a warning after a corrupted bounce log file. File:
global/bounce_log.c.
- Bugfix (introduced: Postfix-2.9.0): null pointer read, while
logging a warning after a postscreen_command_filter read
error. File: postscreen/postscreen_smtpd.c. global/bounce_log.c
|
postfix-pgsql-3.4.1-1.el7.x86_64
[30 KiB] |
Changelog
by Django (2019-03-10):
- Bugfix: in the Postfix SMTP client, TLS wrappermode was not
tested in tlsproxy mode. It needed some setup for buffering
and timeouts. Problem report by Andreas Schulze. File:
smtp/smtp_proto.c.
- Bugfix: a reversed test broke TLS configurations that specify
the same filename for a private key and certificate. Reported
by Mike Kazantsev. Fix by Viktor Dukhovni. Wietse fixed the
test. Files: tls/tls_certkey.c, tls/Makefile.in.
|
postfix-pgsql-3.3.2-1.el7.x86_64
[29 KiB] |
Changelog
by Django (2019-01-17):
- Bugfix (introduced: 20170617): postconf(1) command segfault
if unable to open a Postfix database configuration file due
to a file permission error. Report by Andreas Hasenack, fix
by Viktor Dukhovni. File: postconf/postconf_dbms.c.
- Cleanup: Postfix did not support running as a PID=1 process,
which complicated Postfix management in containers. The
"postfix start-fg" command will now run the Postfix master
daemon as a PID=1 process if possible. Thanks to inputs
from Andreas Schulze, Eray Aslan, and Viktor Dukhovni.
Files: postfix/postfix.c, master/master.c, master/master.h,
master/master_sig.c, conf/postfix-script.
- Bugfix (introduced: Postfix 2.11): minor memory leak when
minting issuer certs. This affects a tiny minority of use
cases. Viktor Dukhovni, based on a fix by Juan Altmayer
Pizzorno for the ssl_dane library. File: tls/tls_dane.c.
- Workaround: postconf build did not abort if the m4 command
is not installed (on a system that does have the make
command, the awk command, the perl command, and the C
compiler?!). File: postconf/extract_cfg.sh.
- Multiple 'bit rot' fixes for OpenSSL API changes, including
support to disable TLSv1.3, to avoid issuing multiple session
tickets, and to allow OpenSSL >= 1.1.0 run-time micro version
bumps without complaining about library version mismatches.
Viktor Dukhovni. Files: proto/postconf.proto,
proto/TLS_README.html, tls/tls.h, tls/tls_server.c,
tls/tls_misc.c.
- Bugfix (introduced: 3.0): smtpd_discard_ehlo_keywords could
not disable "SMTPUTF8", because the lookup table was using
"EHLO_MASK_SMTPUTF8" instead. File: global/ehlo_mask.c.
- Documentation: update documentation for Postfix versions
that support disabling TLS 1.3. File: proto/postconf.proto.
- Improved logging of TLS 1.3 summary information, and improved
reporting of the same info in Received: message headers.
Viktor Dukhovni. Files: proto/FORWARD_SECRECY_README.html,
posttls-finger/posttls-finger.c, smtpd/smtpd.c, tls/tls.h,
tls/tls_client.c, tls/tls_misc.c, tls/tls_proxy.h,
tls/tls_proxy_context_print.c, tls/tls_proxy_context_scan.c,
tls/tls_server.c.
|
postfix-pgsql-3.2.6-1.el7.x86_64
[27 KiB] |
Changelog
by Django (2018-10-22):
- Documentation patches by Sven Neuhaus. Files:
proto/FORWARD_SECRECY_README.html, proto/MILTER_README.html,
proto/SMTPD_ACCESS_README.html.
- Cleanup: missing mailbox seek-to-end error check in the
local(8) delivery agent. File: local/mailbox.c.
- Cleanup: incorrect mailbox seek-to-end error message in the
virtual(8) delivery agent. File: virtual/mailbox.c.
- Licence: in addition to the historical IBM Public License
1.0, this software is now also distributed with the more
recent Eclipse Public License 2.0. Recipients can choose
to take the software under the license of their choice.
Those who are more comfortable with the IPL can continue
with that license. File: LICENSE.
- Cleanup: added 22 missing *_maps parameters to the default
proxy_read_maps setting. Files: global/mail_params.h.
- Bugfix (introduced: 20120117): postconf should scan only
built-in or service-defined parameters for ldap, *sql, etc.
database names. Files: postconf/postconf_user.c.
- Bugfix (introduced: 19990302): when luser_relay specifies
a non-existent local address, the luser_relay feature becomes
a black hole. Reported by Jørgen Thomsen. File: local/unknown.c.
- Bugfix (introduced: Postfix 2.8): missing tls_server_start()
error propagation in tlsproxy(8) resulting in segfault after
TLS handshake error. Found during code maintenance. File:
tlsproxy/tlsproxy.c.
|
postfix-pgsql-3.1.1-1.el7.centos.x86_64
[26 KiB] |
Changelog
by Django (2017-12-28):
* Cleanup: "match_list_match: permit_mynetworks: no match" after
a SUCCESSFUL permit_mynetworks match of a client IP address was
complicating troubleshooting. The fix is to log additional
context to clarify that this "no match" condition is for
smtpd_log_access_permit_actions. File: smtpd/smtpd_check.c.
* Documentation: typos in postfix-tls-script(1) manpage;
line wrapping in postconf(1) manpage.
* Bugfix (introduced: Postfix 2.6): the Milter SMFIR_CHGFROM
(replace sender) request lost the sender_bcc_maps address.
Fixed by moving some record keeping to the sender output
function. Files: cleanup/cleanup_envelope.c,
cleanup/cleanup_addr.c, cleanup/cleanup_milter.c,
cleanup/cleanup.h, regression tests.
* Bugfix (introduced: Postfix 2.6): the "bad filetype"
header_checks pattern falsely rejected Content-Mumble headers
with ``name="example"; x-apple-part-url="example.com"''.
Fixed by respecting the ";" separator between content
attribute values. Reported by Cedric Knight. File:
proto/header_checks.
* Portability: OpenBSD 6.0. Files: makedefs, util/sys_defs.h.
|
postfix-pgsql-3.0.3-1.el7.centos.x86_64
[22 KiB] |
Changelog
by Django (2015-10-10):
- fixpack-release
* The uxtext_unquote() function had the same problem as
xtext_unquote(), because one was created by copying the
other. The Postfix SMTP server uses this function to
parse input for the ORCPT parameter when the remote
SMTP client sends SMTPUTF8 mail.
* Unreported bug: Postfix smtpd_mumble_restrictions could
report an incorrect reason for failed DNS lookups. Fixed
by saving and restoring h_errno while evaluating the
result from multi-query DNS lookups.
* The COMPATIBILITY_README text and HTML files were not
installed.
|
postfix-pgsql-3.0.0-1.el7.centos.x86_64
[17 KiB] |
Changelog
by Django (2015-02-20):
- initial build for CentOS 7
|