Newer
Older
Documentation: in the discard(8) manpage, the reason is not
a host or domain name. File: discard/discard.c.
20131025
Documentation: specify the expected result format with
"list" tables. File: proto/DATABASE_README.html.
20131026
Future proofing: API changes in the PCRE library. File:
util/dict_pcre.c.
19015
19016
19017
19018
19019
19020
19021
19022
19023
19024
19025
19026
19027
19028
19029
19030
19031
19032
19033
19034
19035
19036
19037
19038
19039
19040
19041
19042
19043
19044
19045
19046
19047
19048
19049
19050
19051
19052
19053
19054
19055
19056
19057
19058
19059
19060
19061
19062
19063
19064
19065
19066
19067
19068
19069
19070
19071
19072
19073
19074
19075
19076
19077
19078
19079
19080
19081
19082
19083
19084
19085
19086
19087
19088
19089
19090
19091
19092
19093
19094
19095
19096
19097
19098
19099
19100
19101
19102
19103
19104
19105
19106
19107
19108
19109
19110
19111
19112
19113
19114
19115
19116
19117
19118
19119
19120
19121
19122
19123
19124
19125
19126
19127
19128
19129
19130
19131
19132
19133
19134
19135
19136
19137
19138
19139
19140
19141
19142
19143
19144
19145
19146
19147
19148
19149
19150
19151
19152
19153
19154
19155
19156
19157
19158
19159
19160
19161
19162
19163
19164
19165
19166
19167
19168
19169
19170
19171
19172
19173
19174
19175
19176
19177
19178
19179
19180
19181
19182
19183
19184
19185
19186
19187
19188
19189
19190
19191
19192
19193
19194
19195
19196
19197
19198
19199
19200
19201
19202
19203
19204
19205
19206
19207
19208
19209
19210
19211
19212
19213
19214
19215
19216
19217
19218
19219
19220
19221
19222
19223
19224
19225
19226
19227
19228
19229
19230
19231
19232
19233
19234
19235
19236
19237
19238
19239
19240
19241
19242
19243
19244
19245
19246
19247
19248
19249
19250
19251
19252
19253
19254
19255
19256
19257
19258
19259
19260
19261
19262
19263
19264
19265
19266
19267
19268
19269
19270
19271
19272
19273
19274
19275
19276
19277
19278
19279
19280
19281
19282
19283
19284
19285
19286
19287
19288
19289
19290
19291
19292
19293
19294
19295
19296
19297
19298
19299
19300
19301
20131028
Feature: check_sasl_access to block hijacked logins. Files:
mantools/postlink, proto/postconf.proto, global/mail_params.h,
smtpd/smtpd_check.c, smtpd/smtpd_dsn_fix.h.
20131029-31
Cleanup: slmdb(3) simplified LMDB API that hides recoverable
LMDB errors from applications so that they can focus on
their own job. Files: util/slmdb.[hc].
Cleanup: LMDB functionality restored, after elimination of
1) world-writable lockfiles, 2) hard limits on the number
of concurrent readers, and 3) hard-coded database file inode
numbers in lockfiles that can prevent automatic crash
recovery. Files: proto/LMDB_README.html, proto/postconf.proto,
mantools/postlink, util/dict_lmdb.c.
20131101
Cleanup: restore ability to build without LMDB support;
further slmdb API streamlining. Files: util/slmdb.[hc],
util/dict_lmdb.c.
Bugfix: uninitialized variable. File: util/slmdb.c.
Documentation: added SASL_README example for check_sasl_access.
File: proto/SASL_README.html.
20131102-3
Security violation: by default, LMDB 0.9.9 writes uninitialized
heap memory to a world-readable database file, as chunks
of up to 4096 bytes. This is a huge memory disclosure
vulnerability: memory content that a program does not intend
to share ends up in a world-readable file. The content of
uninitialized heap memory depends on program execution
history. That history includes code execution in other
libraries that are linked into the program.
This is a problem whenever the user who writes the database
file differs from the user who reads the database file. For
example, a privileged writer and an unprivileged reader.
In the case of Postfix, the postmap(1) and postalias(1)
commands would leak uninitialized heap memory, as chunks
of up to 4096 bytes, from a root-privileged process that
writes to a database file, to unprivileged processes that
read from that database file.
To work around this problem the postmap(1) and postalias(1)
commands disable the use of malloc() in LMDB. However, that
does not address several disclosures of stack memory. Other
Postfix databases do not need this workaround: those databases
are maintained by Postfix daemon processes, and are accessible
only by the postfix user. File: util/dict_lmdb.c.
20131102-3
Cleanup: expand TAB characters when generating documentation.
This was primarily an issue with non-HTML output, but it does
not hurt to do this also for HTML. Files: proto/Makefile.in,
proto/MULTI_INSTANCE_README.html.
20131104
Feature: ${queue_id} macro support for the pipe(8) delivery
agent by Andreas Schulze. File: pipe/pipe.c.
20131107
Cleanup: after 16 years the SKIP() and TRIM() macros were
triggering compiler warnings. Files: global/mail_params.c,
smtpstone/smtp-sink.c, util/mac_parse.c, util/split_nameval.c.
20131110
Bugfix (introduced Oct 26 1997): don't clobber errno before
expanding %m. File: util/vbuf_print.c.
20131114
Cleanup: LMDB >= 0.9.10 does not need the MDB_WRITEMAP
workaround to avoid heap memory information leaks. File:
util/dict_lmdb.c.
20131114
Cleanup: Coverity found a harmless memory leak in the
postconf master.cf parser. Reported by Christos Zoulas,
NetBSD. File: postconf/postconf_master.c.
Cleanup: graceful degradation after database open() error.
Several instances of that code introduced a harmless memory
leak, and Coverity complained about one of them (Christos
Zoulas, NetBSD). Instead of adding random code in random
places, restructured dict_foo_open() routines with consistent
code to dispose of memory or file handles. Files: dict_thash.c,
dict_sockmap.c, dict_regexp.c, dict_pcre.c, dict_lmdb.c,
dict_dbm.c, dict_cidr.c, dict_cdb.c.
Cleanup: warning message after canonical/virtal/etc.
table lookup error. Files: cleanup/cleanup_addr.c,
cleanup/cleanup_map11.c, cleanup/cleanup_map1n.c,
cleanup/cleanup_masquerade.c, cleanup/cleanup_message.c,
cleanup/cleanup_milter.c.
20131116
Feature: MySQL client support for option_file, option_group,
tls_cert_file, tls_key_file, tls_CAfile, tls_CApath,
tls_verify_cert. See mysql_table(5). Code by Gareth Palmer.
Files: proto/mysql_table, global/dict_mysql.c.
Cleanup: DANE support. Keep the attributes of TA certificates
obtained via "IN TLSA 2 0 X" RRs, while continuing to only
use the key from "IN TLSA 2 1 X" RRs. This means in the
"2 0 X" case that we re-sign the TA certificate in place,
rather than synthesize a vanilla cert around just the key.
Viktor Dukhovni. File: tls/tls_dane.c.
Bugfix: posttls-finger parsing of destination and optional
match values. Viktor Dukhovni. File:
posttls-finger/posttls-finger.c.
Cleanup: When wrap_signed is false (OpenSSL 1.0.2 some day),
we don't have to sign trust anchors, and don't generate a
key to do so. Thus don't attempt to re-sign trust-anchor
certificates (IN TLSA 2 0 X) in this case. Viktor Dukhovni.
File: tls/tls_dane.c.
Feature: configurable DANE digest algorithm priority. Use
only the most-preferred, shared, digest algorithm for any
give (usage, selector) combination. Viktor Dukhovni.
mantools/postlink, proto/postconf.proto, global/mail_params.h,
tls/tls_dane.c, tls/tls_misc.c.
Bugfix: FreeBSD nroff workaround messed up. File:
mantools/postlink.
20131118
Cleanup: FreeBSD nroff workaround. Files: man/Makefile.in,
proto/Makefile.in.
Cleanup: the smtpd_proxy_filter client now sends QUIT before
closing the connection to a content filter. Files:
smtpd/smtpd_proxy.c, smtpd/smtpd.c.
Portability: C99 va_copy() compatibility, in case some
implementation does not permit multiple va_start() calls
on the same argument list. Files: global/memcache_proto.c,
milter/milter8.c, smtpstone/smtp-source.c, util/attr_clnt.c,
util/concatenate.c, util/dict_surrogate.c, util/netstring.c,
util/compat_va_copy.h.
Cleanup: comment formatting. Viktor Dukhovni. File: dns/dns.h.
Cleanup: removed redundant sort operation. Viktor Dukhovni.
File: tls/tls_dane.c.
20131119
Feature: a Postfix LMDB database can now be used as shared
persistent cache with multiple postscreen(8) or verify(8)
daemons (but not both), without the need for a shared
proxymap server. Files: util/dict.h, util/dict_alloc.c,
util/dict_open.c, util/dict_lmdb.c.
Internal: DNS client support to report reply RCODE information,
in addition to the simplified DNS_NOTFOUND, DNS_RETRY etc.
Portability note: this requires the C99 __VA_ARGS__ feature.
Files: dns/dns.h. dns/dns_lookup.c, dns/test_dns_lookup.c.
20131120
Cleanup: reduced the code footprint for the LMDB < 0.9.10
heap-to-file information leak workaround, and simplified
the implementation to "good enough". Files: util/dict.h,
util/dict.c, util/dict_lmdb.c, postalias/postalias.c,
postmap/postmap.c.
Cleanup: reduced the code footprint for the handling of
multi-writer safe maps. A map only needs to assert that it
is multi-writer safe, and the rest just happens. Files:
util/dict.h, util/dict_open.c, util/dict_lmdb.c,
global/dict_memcache.c.
Cleanup: Postfix daemons no longer restart when a multi-writer
safe map is updated. File: util/dict.c.
Documentation: sharing an LMDB cache between multiple
verify(8) or postscreen(8) servers (but not both). Files:
proto/ADDRESS_VERIFICATION_README.html,
proto/POSTSCREEN_README.html.
Cleanup: improve suppression of TLSA lookups in insecure
zones. This is now applied not only to non-MX destinations,
but also to each MX record. Viktor Dukhovni. Files:
src/posttls-finger/posttls-finger.c, src/smtp/smtp_tls_policy.c,
src/tls/tls.h, src/tls/tls_dane.c.
Workaround: increased the 5s connection timeout to 30s.
Viktor Dukhovni. File: posttls-finger/posttls-finger.c.
20131121
Documentation: new socketmap_table(5) and lmdb_table(5)
manpages. Files: mantools/postlink, conf/postfix-files,
html/Makefile.in, man/Makefile.in, proto/DATABASE_README.html,
postconf/postconf.c, proto/socketmap_table, proto/lmdb_table.
20131122
Documentation: missing database hyperlinks, refined text
about partial lookup keys. Files: mantools/postlink,
proto/DATABASE_README.html, proto/lmdb_table,
proto/socketmap_table.
20131123
Feature: support for NOTIFY parameter in the Milter
SMFIR_ADDRCPT_PAR request. Contributed by by Andrew Ayer.
Wietse added support for ORCPT. Files: cleanup/cleanup.h,
cleanup/cleanup_milter.c, cleanup/cleanup_state.c,
global/xtext.c, global/xtext.h, milter/test-milter.c.
20131122
Feature: "postconf -Fe service/type/attribute = value" edits
master.cf attribute values. The -e is optional. Example:
use "postconf -F "*/*/chroot = n" to turn off chroot on all
master.cf services. Files: postconf/postconf.h,
postconf/postconf.c, postconf/postcof_master.c,
postconf/postconf_edit.c.
20131124
Cleanup: remove extra blank line from ccformat output,
making it compatible with the script that Wietse actually
uses (this line was part of a test to detect file truncation,
but it is now obsolete). File: mantools/ccformat.
Feature: master.cf parameter namespace. "postconf -P" shows
master.cf parameter settings as "service/type/parameter =
value". This is applicable only to parameter settings in
master.cf. Files: postconf/postconf.h, postconf/postconf.c,
postconf/postcof_master.c, postconf/postconf_print.c.
Incompatibility: the master_service_disable syntax has
changed: use "service/type" instead of "service.type". The
new form is consistent with master.cf parameter namespaces.
The old form is still supported to avoid breaking existing
configurations. Files: global/master_service.c,
master/master_ent.c.
20131125
Feature: change, add or delete "-o parameter=value" setting
in master.cf. Examples: "postconf -P smtp/inet/parameter=value"
(add or modify "-o name=value" setting) and "postconf -P
smtp/inet/parameter" (delete "-o parameter=value" setting).
Files: util/argv.[hc], postconf/postconf.h,
postconf/postconf_edit.c, postconf_master.c.
20131126
Cleanup: Leave SSLv3 enabled with DANE. Viktor Dukhovni.
Files: proto/TLS_README.html proto/postconf.proto
tls/tls_client.c.
Cleanup: DANE support: Drop support for usage 0. It SHOULD
NOT be supported in DANE with SMTP, and we already don't
support digest TLSA RRs in this case, while full content
TLSA RRs are not recommended for DNS bloat reasons. Viktor
Dukhovni. Files: proto/postconf.proto src/global/mail_params.h
src/smtp/smtp.c src/tls/tls_dane.c src/tls/tls_misc.c.
Feature: TLS support: Support future digest algorithms
without re-compilation. Viktor Dukhovni. Files: .indent.pro
proto/postconf.proto src/tls/tls_dane.c.
Feature: DNS support: New configurable digest agility.
Viktor Dukhovni. Files: .indent.pro proto/TLS_README.html
proto/postconf.proto src/global/mail_params.h src/tls/tls_dane.c
src/tls/tls_misc.c.
20131127
Bugfix (introduced: 20090106): the postconf '-#' option
erased prior options. File: postconf/postconf.c.
20131129
Bugfix: Makefile example in MULTI_INSTANCE_README. Viktor
Dukhovni. File: proto/MULTI_INSTANCE_README.html.
Cleanup: simplify fingerprint security level implementation
in new DANE code. Viktor Dukhovni. Files: src/tls/tls.h
src/smtp/smtp_tls_policy.c src/tls/tls_dane.c
src/posttls-finger/posttls-finger.c.
Cleanup: safe_strtoul() did not report an error for empty
or all-space input (the code to report this was in the wrong
place). This was not a problem as long as safe_strtoul()
was used only for output from safe_ultostr(). Files:
global/safe_ultostr.c, global/safe_ultostr.in,
global/safe_ultostr.ref.
Documentation: updated description of SSL protocol controls.
In particular, enabled protocols are part of a contiguous
range. Viktor Dukhovni. Files: proto/TLS_README.html,
proto/postconf.proto.
Bugfix: DANE support: handle OpenSSL memory allocation
error. Viktor Dukhovni. File: tls/tls_dane.c.
Cleanup: LMDB_README was not installed. File: conf/postfix-files.
Portability: on some platforms posttls-finger now requires
explicitly linking libdl. File: posttls-finger/Makefile.in.
Cleanup: DANE support: extension gymnastics. Viktor Dukhovni.
File: tls/tls_dane.c.
Bugfix: DANE support: the wrap_cert() and wrap_key() calls
should never fail, but some callers ignored the return
value. The only failure is for lack of memory, so we use
msg_fatal() internally and change wrap_cert() and wrap_key()
to return void. Viktor Dukhovni. File: tls/tls_dane.c.
Bugfix: DANE support: avoid making DANE certificates with
replaced public-keys appear as if they were self-signed.
Viktor Dukhovni. File: tls/tls_dane.c.
Cleanup: DANE support: simplify grow_chain() to always apply
trust consistently. Viktor Dukhovni. File: tls/tls_dane.c.
Bugfix: DANE support: backport fixes from OpenSSL DANE
testing. Discard errors generated by raw TA key signature
checks. Record the tadepth as zero with self-signed depth
0 TAs. Robustness: Though it should never happen, don't
update the tadepth if already set. Viktor Dukhovni. Files:
tls/tls_dane.c, tls/tls_server.c.
Cleanup: OpenSSL "const" declarations have changed over
time. Viktor Dukhovni. Files: src/tls/tls.h, src/tls/tls_client.c,
src/tls/tls_dane.c, src/tls/tls_server.c.
Cleanup: TLS support. Eliminate calls of deprecated functions
before they are removed from OpenSSL. CRYPTO_thread_id is
deprecated and we don't need it. Replace the deprecated
ERR_remove_state() call with ERR_remove_thread_state(), and
use RSA_generate_key_ex(). Viktor Dukhovni. Files:
posttls-finger/posttls-finger.c, tls/tls_misc.c, tls/tls_rsa.c.
Cleanup: DANE support: Reduce #ifdef clutter to improve
redability and maintability. Viktor Dukhovni. File:
tls/tls_dane.c.
Future proofing: Tolerate disappearance of named bug-workaround
bits without invalidating user configurations. When support
for a bug workaround is removed from OpenSSL, the corresponding
bit is defined as zero (i.e. NOOP) intstead of causing
programs to break. Viktor Dukhovni. File: tls/tls_misc.c.
Portability: RSA_generate_key_ex() is not available on all
supported platforms, so this change is made conditional.
Enforce that this function will be used only for creating
a 512-bit ephemeral RSA key. Viktor Dukhovni. File:
tls/tls_rsa.c.
Documentation: new document FORWARD_SECRECY_README that
describes how different versions of Postfix >= 2.2 implement
"perfect" forward secrecy. Viktor Dukhovni. File:
proto/FORWARD_SECRECY_README.html, proto/Makefile.in,
conf/postfix-files, html/index.html.
Cleanup: renamed postconf(1) internal identifiers according
to a consistent scheme, to avoid future name conflicts as
Postfix evolves. This is a no-feature change. Files:
postconf/*.[hc], postconf/extract.awk.
Documentation: linearized the order of exposition in
FORWARD_SECRECY_README. File: proto/FORWARD_SECRECY_README.html.
Bugfix: DANE support: segfault. Viktor Dukhovni. File:
tls/tls_dane.c.
Documentation: typo in SASL_README. Patrick Ben Koetter.
File: proto/SASL_README.html.
Documentation: increased the *.[0-9].html manpage width
from the historical 65 columns to the more contemporary 78
columns, and future-proofed the pattern that eliminates
redundant text from the "README FILES" section. Files:
mantools/postlink, mantools/man2html, man/Makefile.in.
Documentation: misc manual page cleanups. Files:
postconf/postconf.c, postmulti/postmulti.c.
Testbed: TLS support. Viktor Dukhovni. Files: tls/Makefile.in,
tls/tls_dane.c, tls/tls_dane.sh, tls/tls_mgr.c, .indent.pro.
Documentation: added section on how to verify that forward
secrecy works. File: proto/FORWARD_SECRECY_README.html.
Documentation: forward secrecy, with feedback from Adam
Shostack. Viktor Dukhovni and Wietse Venema. File:
proto/FORWARD_SECRECY_README.html.
Feature: smtpd_sasl_service (until now, this was hard-coded
internally as "smtp"). On request by Michal (sksoft.cz).
Files: global/mail_params.h, proto/postconf.proto,
mantools/postlink, smtpd/smtpd.c, smtpd/smtpd_sasl_glue.c.
Documentation: updated example to Dovecot version 2 syntax.
File: proto/SASL_README/html.
Cleanup: DANE support: test script. Viktor Dukhovni. File
tls/tls_dane.sh.
Debugging: test driver for LMDB debugging and stress testing.
Shockingly, LMDB terminates the postscreen daemon without
logfile record. File: util/dict_cache.c.
Bugfix: close the LMDB database cursor's read transaction
before writing with MDB_NOLOCK and before changing the
database memory map size. File: util/slmdb.c.
19475
19476
19477
19478
19479
19480
19481
19482
19483
19484
19485
19486
19487
19488
19489
19490
19491
19492
19493
19494
19495
19496
19497
19498
19499
19500
19501
19502
19503
19504
19505
19506
19507
19508
19509
19510
19511
19512
19513
19514
19515
19516
19517
19518
19519
19520
19521
19522
19523
19524
19525
19526
20140103
Cleanup: eliminated data duplication from the new SMTP_ITERATOR
structure to the old SMTP_SESSION structure. The SMTP_ITERATOR
structure now maintains the sole copy. Files: smtp/smtp.h,
smtp_sasl_auth_cache.c, smtp_reuse.c, smtp_sasl_glue.c,
smtp_rcpt.c, smtp_session.c, smtp_chat.c, smtp_proto.c,
smtp_connect.c.
20140104
Feature: support for optional configuration files
"$daemon-directory/postfix-files.d/*". These are processed
in sorted order after "$daemon-directory/postfix-files",
This avoids breaking "postfix set-permissions" etc. when a
Postfix distribution comes in multiple packages. File:
conf/post-install.
20140107
Feature: LMDB 0.9.11 allows Postfix daemons to log an LMDB
error message, instead of falling out of the sky without
any notification. Files: util/slmdb.[hc], util/dict_lmdb.c.
20140108
Bugfix: every Postfix LMDB transaction is now protected by
an external lock for its entire life time. File: util/slmdb.c.
20140109
Cleanup: turn off DNSSEC lookup after CNAME redirection to
an insecure zone. This is an optimization for resolvers
that do not automatically resolve CNAME chains. Viktor
Dukhovni. File: dns/dns_lookup.c.
Cleanup: do not salt the SMTP TLS policy lookup cache key
with the DNSSEC status. The DNSSEC status will not change
when the same nexthop/host pair is looked up repeatedly.
Viktor Dukhovni. File: smtp/smtp_tls_policy.c.
Robustness: Suppress TLSA lookups only when the qname zone
is insecure, not just because the rname zone is insecure.
This requires an extra T_CNAME lookup for the qname, since
nameservers are often "too helpful" and report CNAME records
together with the CNAME targets. When the targets are
insecure the whole reply is marked as insecure. Viktor
Dukhovni. File: tls/tls_dane.c.
Cleanup: Unify/simplify reporting of configuration or other
conditions that prevent DANE security. Viktor Dukhovni.
Files: global/dsn_buf.[hc], tls/tls_dane.c, smtp/smtp_tls_policy.c.
19531
19532
19533
19534
19535
19536
19537
19538
19539
19540
19541
19542
19543
19544
19545
19546
19547
19548
19549
19550
19551
19552
19553
19554
19555
19556
19557
19558
19559
19560
19561
19562
19563
19564
19565
19566
19567
19568
19569
19570
19571
19572
19573
19574
19575
19576
20140116
Workaround: prepend "-I. -I../../include" to CCARGS, to
avoid name clashes with non-Postfix header files. File:
makedefs.
20140125
Cleanup: postconf(1) manpage missing version attribution
and incorrect "author" formatting. File: postconf/postconf.c.
20140223
Logging: the TLS client logged that an "Untrusted" TLS
connection was established instead of "Anonymous". Viktor
Dukhovni. File: tls/tls_client.c.
20140227
Bugfix: Enforce TLS when TLSA records exist, but all are
unusable; Don't leak dane handle when all TLSA records are
unusable. Viktor Dukhovni. File: smtp/smtp_tls_policy.c.
Cleanup: log TLS policy lookup errors as warnings. Viktor
Dukhovni. File: smtp/smtp_connect.c.
20140407
Documentation: the documentation for Postfix > 2.8 TLS
activity logging was incorrect. Loglevel 0 produces no
logging. Instead, information is logged only with loglevel
1 or higher. Viktor Dukhovni. Files: proto/TLS_README.html,
proto/postconf.proto.
20140507
Bugfix (introduced: Postfix 2.11): with connection caching
enabled (the default), recipients could be given to the
wrong mail server. Root cause: due to an incorrect predicate,
the Postfix SMTP client could save and restore plaintext
connections that should not be cached, under nonsensical
lookup keys that did not distinguish by destination. Problem
reported by Sahil Tandon, predicate error found by Viktor,
redundant connection restore request eliminated by Wietse.
File: smtp/smtp_connect.c.
19577
19578
19579
19580
19581
19582
19583
19584
19585
19586
19587
19588
19589
19590
19591
19592
19593
19594
19595
19596
19597
19598
19599
19600
19601
19602
20140619
Bugfix (introduced: 2001): qmqpd null pointer bug when it
logs a lost connection while not in a mail transaction.
Reported by Michal Adamek. File: qmqpd/qmqpd.c.
20140920
Bugfix (introduced: 20080212): incorrect client name in
reject messages from check_reverse_client_hostname_access
and check_reverse_client_hostname_{mx,ns}_access. They
replied with the verified client name, instead of the name
that was rejected. Problem reported by Reindl Harald. File:
smtpd/smtpd_check.c.
20141012
Bugfix (introduced: Postfix 2.3): the PREPEND access/policy
action added headers ABOVE Postfix's own Received: header,
exposing Postfix's own Received: header to Milters (protocol
violation) and hiding the PREPENDed header from Milters.
The latter caused problems for DMARC implementations with
SPF policy plus DKIM Milter. PREPENDed headers are now
added BELOW Postfix's own Received: header and remain visible
to Milters. File: smtpd/smtpd.c.
19603
19604
19605
19606
19607
19608
19609
19610
19611
19612
19613
19614
19615
19616
19617
19618
19619
19620
20141014
Portability: Darwin 11.x needs to link with -lresolv. Viktor
Dukhovni. File: makedefs.
20141018
Bugfix (introduced: Postfix 2.3): when a Milter inserted a
header ABOVE Postfix's own Received: header, Postfix would
expose its own Received: header to Milters (violating
protocol) and hide the Milter-inserted header from Milters
(wtf). Files: cleanup/cleanup.h, cleanup/cleanup_message.c,
cleanup/cleanup_state.c, milter/milter.[hc], milter/milter8.c.
Cleanup: revert the workaround that places headers inserted
with PREPEND actions or policy requests BELOW Postfix's own
Received: message header. File: smtpd/smtpd.c.
19621
19622
19623
19624
19625
19626
19627
19628
19629
19630
19631
19632
19633
19634
19635
19636
19637
19638
19639
19640
19641
19642
19643
20141025
Bugfix (introduced: Postfix 2.11): core dump when
smtp_policy_maps specifies an invalid TLS level. Viktor
Dukhovni. File: smtp/smtp_tls_policy.c.
20150106
Robustness: don't segfault due to excessive recursion after
a faulty configuration runs into the virtual_alias_recursion_limit.
File: global/tok822_tree.c.
20150115
Safety: stop aliasing loops that exponentially increase the
address length with each iteration. Back-ported from Postfix
3.0. File: cleanup/cleanup_map1n.c.
20150117
Cleanup: missing " in \%s\" in postconf(1) fatal error
messages. Iain Hibbert. File: postconf/postconf_master.c.