Skip to content
HISTORY 465 KiB
Newer Older
Boris Mühmer's avatar
Boris Mühmer committed
20061213

Boris Mühmer's avatar
Boris Mühmer committed
	Bugfix: race condition in "ETRN site", "sendmail -qRsite"
	and "postqueue -s site". When the command arrived while an
	incoming queue scan was already in progress, mail could
	stay deferred instead of being flushed. The fix was to
	unthrottle the queue manager before moving files from the
	deferred queue to the incoming queue.  Files: flush/flush.c,
	qmgr/qmgr_scan.c.

Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: the sendmail and postqueue commands no longer
	terminate with a non-standard error status after a run-time
	error in some Postfix internal routine (typically, some
	essential file is not accessible, or the system is out of
	memory). Files: sendmail/sendmail.c, postqueue/postqueue.c.

Boris Mühmer's avatar
Boris Mühmer committed
	Feature: "sendmail -qIqueueid" and "postqueue -i queueid"
	to flush a specific queue file. Files: sendmail/sendmail.c,
	postqueue/postqueue.c, global/flush_clnt.c, flush/flush.c.

20061214

	Performance: "sendmail -qIqueueid" and "postqueue -i queueid"
	unthrottle only the necessary message delivery transports
	and queues. The unthrottle request now is propagated to the
	queue manager via queue file group read permission bits.
	Based on initial implementation by Victor Duchovni.  Files:
	flush/flush.c, *qmgr/qmgr.c, *qmgr/qmgr_scan.c,
	*qmgr/qmgr_active.c, *qmgr/qmgr_message.c.

Boris Mühmer's avatar
Boris Mühmer committed
20061220

	Workaround: PMilter 0.95 does not deliver SMFIC_EOB+data
	to the application as SMFIC_BODY+data followed by SMFIC_EOB.
	To avoid compatibility problems, Postfix now sends
	SMFIC_BODY+data followed by SMFIC_EOB.  File: milter/milter8.c.

	Bugfix (introduced with Postfix 2.3): when inserting
	Milter-generated headers at increasing positions in a
	message, a later header could end up at a previously used
	insertion point.  Thus, inserting headers at positions (N,
	N+M) could work as if (N, N) had been specified. Problem
	reported by Mark Martinec.  File: milter/milter8.c.

Boris Mühmer's avatar
Boris Mühmer committed
20061221

	Feature: time unit suffix support in _command_time_limit.
	Files: pipe/pipe.c, spawn/spawn.c.

Boris Mühmer's avatar
Boris Mühmer committed
20061227

	Bugfix (introduced with Postfix 2.3): the MX hostname syntax
	check was skipped with reject_unknown_helo_hostname and
	reject_unknown_sender/recipient_domain, so that Postfix
	would still accept mail from domains with a zero-length MX
	hostname.  File: smtpd/smtpd_check.c.
Boris Mühmer's avatar
Boris Mühmer committed
20061229

	Cleanup: use separate TLS_LEGACY_README to document the old
	TLS user interface. This will simplify TLS_README dramatically.

	Cleanup: untangled spaghetti code. File: util/inet_listen.c.

Boris Mühmer's avatar
Boris Mühmer committed
20070104

	Bugfix (introduced Postfix 2.3): when creating an alias map
	on a NIS-enabled system, don't case-fold the YP_MASTER_NAME
	and YP_LAST_MODIFIED lookup keys. This requires that an
Boris Mühmer's avatar
Boris Mühmer committed
	application can turn on/off case folding on the fly.  Files:
	postalias/postalias.c, global/dict_mumble.c, util/dict_mumble.c,
	proxymap/proxymap.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: after the above revision of the proxymap protocol,
	the proxymap server can now share the same map with clients
	that have only minor differences in dictionary open/access
	options.
Boris Mühmer's avatar
Boris Mühmer committed
20070105
Boris Mühmer's avatar
Boris Mühmer committed
	Performance: pipeline of pending delivery agent connections,
	to improve Linux/Solaris mail delivery performance by another
	10% while going down-hill with the wind from behind. Design
	and implementation Victor and Wietse. Files: *qmgr/qmgr.c,
	*qmgr/qmgr.h, *qmgr/qmgr_transport.c.
Boris Mühmer's avatar
Boris Mühmer committed
20070106
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: eliminate the Linux/Solaris "wait for accept()"
	stage from the queue manager to delivery agent protocol.
	This alone achieves 99.99% of the Linux/Solaris speed up
	from the preceding change. The pending connection pipeline
	takes care of the rest.  Tested on Linux kernels dating
	back to 2.0.27 (that's more than 10 years ago).  Files:
	*qmgr/qmgr_transport.c.
Boris Mühmer's avatar
Boris Mühmer committed
20070112
Boris Mühmer's avatar
Boris Mühmer committed
	Bugfix (introduced 20011008): after return from nested
	access restriction, possible longjump into exited stack
	frame upon configuration error or table lookup error. Victor
	Duchovni.  Files: smtpd/smtpd_check.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Workaround: don't insert header/body blank line separator
	in malformed attachments, to avoid breaking digital signatures.
	Switch from header to body state, for robust MIME parsing.
	People concerned about MIME evasion can use a MIME normalizer
	to corrupt their user's legitimate email.  File:
	global/mime_state.c.
Boris Mühmer's avatar
Boris Mühmer committed
20070114
Boris Mühmer's avatar
Boris Mühmer committed
	Feature: body replacement support for Milter applications.
	Postfix 2.3 and older 2.4 versions will be able to deliver
	body-replaced queue files, but will report the message size
	as it was before the body was replaced.  Files: milter/milter8.c,
	cleanup/cleanup_milter.c, cleanup/cleanup_body_region.c.
Boris Mühmer's avatar
Boris Mühmer committed
20070117
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: reusable infrastructure for body replacement.
	Files: cleanup/cleanup_body_edit.c, cleanup/cleanup_region.c.
Boris Mühmer's avatar
Boris Mühmer committed
20070118
Boris Mühmer's avatar
Boris Mühmer committed
	Bugfix: match lists didn't implement ![ipv6address].  Problem
	reported by Paulo Pacheco. File: util/match_list.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: revised the matchlist "!" support, added support
	for !/file/name, and updated the documentation. File:
	util/match_list.c.
Boris Mühmer's avatar
Boris Mühmer committed
20070119-21
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: pad short message headers with a filler record,
	so that the result is never shorter than a pointer record.
	This immensely simplified the support for Milter header
	modification requests: three complex loops could be replaced
	by one simpler loop.  The DTXT record type was re-purposed
	from "deleted header text" to "short header padding", keeping
	the change backwards compatible.  Files: cleanup/cleanup_out.c,
	cleanup/cleanup_milter.c, global/record.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: the Milter "add recipient" action always added the
	recipient to the initial envelope segment, causing added
	recipients to be separate from "sendmail -t" recipients.
	This violated design, without impact on delivery (always_bcc
	recipient are always at the end of the queue file even when
	all other recipients are in the initial segment).  File:
	global/rec_types.h.
Boris Mühmer's avatar
Boris Mühmer committed
20070123
Boris Mühmer's avatar
Boris Mühmer committed
	Workaround: OpenSSL falsely concludes that AES256 support
	is present when only AES128 is available.  Code by Victor
	Duchovni.  File: tls/tls_misc.c.
Boris Mühmer's avatar
Boris Mühmer committed
20070125
Boris Mühmer's avatar
Boris Mühmer committed
	Disable workaround pending completion of updated TLS]
	support in non-production releases.
Boris Mühmer's avatar
Boris Mühmer committed
20070131
Boris Mühmer's avatar
Boris Mühmer committed
	Assorted code cleanup, portability fixes/workarounds, and
	minor updates: global/dict_ldap.c, mantools/postlink,
	tlsmgs/tlsmgr.c, conf/master.cf. LaMont Jones.
Boris Mühmer's avatar
Boris Mühmer committed
20070101
Boris Mühmer's avatar
Boris Mühmer committed
	Portability: GNU Hurd support for multiple kernel environments.
	LaMont Jones. Files: util/sys_defs.h, makedefs.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: some default settings were adjusted to better fit
	today's environment: queue_run_delay and minimal_backoff_time
	were reduced from 1000s to 300s, so that deliveries are
	retried earlier after the first failure; ipc_idle was reduced
	from 100s to 5s, so that tlsmgr and scache clients will
	more quickly release unused file handles. Files:
	global/mail_params.h, proto/postconf.5.html
Boris Mühmer's avatar
Boris Mühmer committed
20070202
Boris Mühmer's avatar
Boris Mühmer committed
	Catch-up: FreeBSD kqueue support. File: util/events.c.
Boris Mühmer's avatar
Boris Mühmer committed
20070205
Boris Mühmer's avatar
Boris Mühmer committed
	System-V poll(2) support. This is now the preferred method
	to test a single file descriptor on sufficiently recent
	versions of FreeBSD, NetBSD, OpenBSD, Solaris and Linux;
	other systems will be added as evidence becomes available
	of usable poll(2) implementations. Files: util/read_wait.c,
	util/write_wait.c, util/readble.c, util/writable.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Streamlined the event_enable_read/write implementation to
	speed up smtp-source performance, by eliminating expensive
	kqueue/devpoll/epoll system calls when only the application
	call-back information changes. On FreeBSD, smtp-sink/source
	tests now run 5% faster than with the old select(2) based
	implementation.  File util/events.c.
Boris Mühmer's avatar
Boris Mühmer committed
20070206
Boris Mühmer's avatar
Boris Mühmer committed
	Catch-up: Solaris /dev/poll support. File: util/events.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Bugfix (introduced 20060823): initial state was not in state
	machine, causing memory access outside the lookup table.
	File: smtpstone/smtp-sink.c.
Boris Mühmer's avatar
Boris Mühmer committed
20070210
Boris Mühmer's avatar
Boris Mühmer committed
	Catch-up: Linux epoll support. File: util/events.c.
Boris Mühmer's avatar
Boris Mühmer committed
20070211
Boris Mühmer's avatar
Boris Mühmer committed
	Polished the kqueue/devpoll/epoll support; this is now
	enabled by default on sufficiently recent versions of
	FreeBSD, NetBSD, OpenBSD, Solaris and Linux; other systems
	will be added as evidence becomes available of usable
	implementations. File: util/events.c.
Boris Mühmer's avatar
Boris Mühmer committed
20070212
Boris Mühmer's avatar
Boris Mühmer committed
	Further polish: removed some typos from new code in the
	events.c handler, undid some unnecessary changes to the
	{read,write}{_wait,able}.c modules, and addressed Victor's
	paranoia for multi-client servers with a thousand clients
	while linked with library routines that can't handle file
	descriptors >= FD_SETSIZE.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: while debugging the new events.c handler, removed
	an unnecessary "write after connect" call-back event. File:
	global/post_mail.c.
Boris Mühmer's avatar
Boris Mühmer committed
20070214
Boris Mühmer's avatar
Boris Mühmer committed
	Robustness: in the queue manager keep a number of free file
	descriptor slots at the low end, to work around library
	routines that can't handle file descriptors >= FD_SETSIZE.
	Files: *qmgr/qmgr_transport.c, util/vstream.[hc]
Boris Mühmer's avatar
Boris Mühmer committed
20070215
Boris Mühmer's avatar
Boris Mühmer committed
	Bugfix (introduced 20070114 with Milter body edit support):
	the cleanup server terminated with a fatal error when SMTP
	mail exceeded the message size limit, instead of handling
	it as a non-fatal error. Files: cleanup/cleanup_extracted.c,
	cleanup/cleanup_final.c, cleanup/cleanup_bounce.c,
	cleanup/cleanup_api.c.
Boris Mühmer's avatar
Boris Mühmer committed
20070217
Boris Mühmer's avatar
Boris Mühmer committed
	Streamline the compile time selection of event handling
	styles, replacing multiple on/off macros by just one
	multi-valued macro. Files: util/sys_defs.h, util/events.c,
	master/multi_server.c, *qmgr/qmgr_transport.c.
Boris Mühmer's avatar
Boris Mühmer committed
20070220
Boris Mühmer's avatar
Boris Mühmer committed
	Work-around: Disable SSL/TLS ciphers when the underlying
	symmetric algorithm is not available in the OpenSSL crypto
	library at the required bit strength. Problem observed with
	SunOS 5.10's bundled OpenSSL 0.9.7 and AES 256. Also possible
	with OpenSSL 0.9.8 and CAMELLIA 256. Root cause fixed in
	upcoming OpenSSL 0.9.7m, 0.9.8e and 0.9.9 releases. Victor
	Duchovni, Morgan Stanley. Files: src/smtp/smtp_proto.c,
	src/smtpd/smtpd.c, src/tls/tls.h, src/tls/tls_client.c,
	src/tls/tls_misc.c and src/tls/tls_server.c.
Boris Mühmer's avatar
Boris Mühmer committed
20070222

	Workaround: delayed "postfix reload" with ancient FreeBSD4
	kqueue implementations, causing the first external or
	internal clients after "postfix reload" to experience a
	quick disconnect.  Apparently, these kqueue implementations
	do not deliver a read notification when the master closes
	the per-service shared master/child status pipe (even when
	there is only one child; note that the master keeps a handle
	to both ends of each status pipe).  A child process remains
	ignorant that the status pipe was closed until the arrival
	of the next client request, and then terminates.  The
	workaround is to ignore master status write errors before
	handling a service request.  Files: master/*_server.c.

	Cleanup: fix race condition that caused unnecessary "premature
	end-of-input" warning messages when "postfix reload" was
	issued on a busy mail server. Files: util/attr_scan*c.

20070223

	Cleanup: syslog_name now works as documented with both
	daemons and commands (including set-gid commands).  Files:
	global/mail_task.c postlog/postlog.c, global/mail_version.h,
	sendmail/sendmail.c, postsuper/postsuper.c, postalias/postalias.c,
	postmap/postmap.c, postqueue/postqueue.c, postdrop/postdrop.c,
	master/trigger_server.c, master/single_server.c,
	master/multi_server.c.
Boris Mühmer's avatar
Boris Mühmer committed
20070224
Boris Mühmer's avatar
Boris Mühmer committed
	Workaround: GNU POP3D creates a new mailbox and deletes the
	old one. Postfix now backs off and retries delivery later,
	instead of appending mail to a deleted file.  To minimize
	the use of this workaround, Postfix now by default creates
	mailbox dotlock files on all systems, and creates dotlock
	files before opening mailbox files.  Files: util/sys_defs.h,
	global/mbox_open.c.
Boris Mühmer's avatar
Boris Mühmer committed
20070301
Boris Mühmer's avatar
Boris Mühmer committed
	Workaround: updated workaround for broken Solaris accept().
	File: util/inet_listen.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Workaround: on some FreeBSD versions, accept(2) can fail
	with a bogus EINVAL error. We now allow accept(2) to fail
	for a limited number of times before terminating the process.
	Files: master/single_server.c, master/multi_server.c.
Boris Mühmer's avatar
Boris Mühmer committed
20070306
Boris Mühmer's avatar
Boris Mühmer committed
	Bugfix (introduced with Postfix 2.3 Milter support): postdrop
	reported "illegal seek" instead of "file too large".  File:
	postdrop/postdrop.c.
Boris Mühmer's avatar
Boris Mühmer committed
20070310
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: specify "undisclosed_recipients_header =" to disable
	Postfix's "To: undisclosed-recipients:;" header for mail
	that lists no recipient. The To: header is not required as
	of RFC 2822.  The undisclosed_recipients_header parameter
	value can now be an empty string, a value that was not
	allowed with earlier Postfix versions. With Postfix 2.5 it
	will be empty by default. Files: cleanup/cleanup.c,
	cleanup/cleanup_message.c.
Boris Mühmer's avatar
Boris Mühmer committed
20070312
Boris Mühmer's avatar
Boris Mühmer committed
	Backwards compatibility: don't pad short message header
	records when Milter support is turned off. This maintains
	compatibility with Postfix versions that pre-date Milter
	support. File: cleanup/cleanup_out.c.
Boris Mühmer's avatar
Boris Mühmer committed
20070314
Boris Mühmer's avatar
Boris Mühmer committed
	Bitrot: move the "don't run this daemon by hand" message
	before other tests. Files: master/*server.c.
Boris Mühmer's avatar
Boris Mühmer committed
20070315
Boris Mühmer's avatar
Boris Mühmer committed
	Bitrot: New OpenLDAP APIs deprecate simplified interfaces,
	that are the only ones available in Sun's LDAP SDK. Define
	suitable macros that work with new OpenLDAP and Sun's code.
	Victor Duchovni, Morgan Stanley. File: src/global/dict_ldap.c
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: new "leaf" and "terminal" result attributes support
	fine-tuning of LDAP group expansion, and provide a solution
	for the problem case where DN recursion returns both the
	group address and the addresses of the member objects.
	Victor Duchovni, Morgan Stanley.  Files: src/global/dict_ldap.c,
	proto/LDAP_README.html, proto/ldap_table
Boris Mühmer's avatar
Boris Mühmer committed
20070317
Boris Mühmer's avatar
Boris Mühmer committed
	Idioten Sicherheit: stamp every executable file and every
	core dump file with "mail_version=xxxxx". Adding version
	stamps and checks to every IPC message is too much change
	after code freeze, and requires too much time for testing.
	File: src/global/mail_version.h and every main program file.
Boris Mühmer's avatar
Boris Mühmer committed
20070320
Boris Mühmer's avatar
Boris Mühmer committed
	Bugfix (introduced between 20070120 and 20070121): the
	cleanup server stored no "delayed mail warning" queue file
	records with "sendmail -t", and no header_checks filter/redirect
	records or content encoding records with other mail.  File:
	global/rec_type.h.
Boris Mühmer's avatar
Boris Mühmer committed
20070321
Boris Mühmer's avatar
Boris Mühmer committed
	Bugfix (introduced 20070224): local(8) or virtual(8) could
	log a misleading error message after failure to open a
	mailbox file. File: global/mbox_open.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Bugfix (code should have been updated 20070104): the proxymap
	client did not propagate changes in case folding flags.
	Currently, nothing in Postfix uses this functionality.
	File: global/dict_proxy.c.
Boris Mühmer's avatar
Boris Mühmer committed
20070325
Boris Mühmer's avatar
Boris Mühmer committed
	Bugfix: postfix-install didn't work for symlink or hardlink
	targets, when the parent directory had a value of "no".
Boris Mühmer's avatar
Boris Mühmer committed
20070326
Boris Mühmer's avatar
Boris Mühmer committed
	Workaround: Eric Raymond's man page formatters don't handle
	low-level *roff .in or .ti controls. We now use .nf and .fi
	instead. Files: many.
Boris Mühmer's avatar
Boris Mühmer committed

20070331

	Bugfix (introduced Postfix 2.3): segfault with HOLD action
	in access/header_checks/body_checks on 64-bit platforms.
	File: cleanup/cleanup_api.c.

20070402

	Portability (introduced 20070325): the fix for hardlinks
	and symlinks in postfix-install forgot to work around shells
	where "IFS=/ command" makes the IFS setting permanent.  This
	is allowed by some broken standard, and affects Solaris.
	File: postfix-install.

	Portability (introduced 20070212): the workaround for
	non-existent library bugs with descriptors >= FD_SETSIZE
	broke with "fcntl F_DUPFD: Invalid argument" on 64-bit
	Solaris.  Files: master/multi_server.c, *qmgr/qmgr_transport.c.

20070421

	Cleanup: on (Linux) platforms that cripple signal handlers
	with deadlock, "postfix stop" now forcefully stops all the
	processes in the master's process group, not just the master
	process alone.  File: conf/postfix-script.
Boris Mühmer's avatar
Boris Mühmer committed

20070425

	Bugfix: don't falsely report "lost connection from
	localhost[127.0.0.1]" when Postfix is being portscanned.
	Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c.

20070430

	Robustness: recommend a "0" process limit for policy servers
	to avoid "connection refused" problems when the smtpd process
	limit exceeds the default process limit.  File:
	proto/SMTPD_POLICY_README.html.

20070501

	Safety: when IPv6 (or IPv4) is turned off, don't treat an
	IPv6 (or IPv4) connection from e.g. inetd as if it comes
	from localhost[127.0.0.1].  Files: smtpd/smtpd_peer.c,
	qmqpd/qmqpd_peer.c.

20070508

	Bugfix: Content-Transfer-Encoding: attribute values are
	case insensitive. File: src/cleanup/cleanup_message.c.

20070514

	Bugfix: mailbox_transport(_maps) and fallback_transport(_maps)
	were broken when used with the error(8) or discard(8)
	transports. Cause: insufficient documentation.  Files:
	error/error.c, discard/discard.c.

20070520

	Bugfix (problem introduced Postfix 2.3): when DSN support
	was introduced it broke "agressive" recipient duplicate
	elimination with "enable_original_recipient = no".  File:
	cleanup/cleanup_out_recipient.c.

20070529

	Bugfix (introduced Postfix 2.3): the sendmail/postdrop
	commands would hang when trying to submit a message larger
	than the per-message size limit. File: postdrop/postdrop.c.

20070530

	Sabotage the saboteur who insists on breaking Postfix by
	adding gethostbyname() calls that cause maildir delivery
	to fail when the machine name is not found in /etc/hosts,
	or that cause Postfix processes to hang when the network
	is down.
Boris Mühmer's avatar
Boris Mühmer committed

20070531

	Portability: Victor helpfully pointed out that change
	20070425 broke on non-IPv6 systems. Files: smtpd/smtpd_peer.c,
	qmqpd/qmqpd_peer.c.
Boris Mühmer's avatar
Boris Mühmer committed

20070613

	Bugfix: the Milter client assumed that a Milter application
	does not modify the message header or envelope, after that
	same Milter application has modified the message body of
	that same email message. This is not a problem with updates
	by different Milter applications.  Problem was triggered
	by Jose-Marcio Martins da Cruz. Also simplified the handling
	of queue file update errors. File: milter/milter8.c.

20070614

	Workaround: some non-Cyrus SASL SMTP servers require SASL
	login without authzid (authoriZation ID), i.e. the client
	must send only the authcid (authentiCation ID) + the authcid's
	password.  In this case the server is supposed to derive
	the authzid from the authcid. This works as expected when
	authenticating to a Cyrus SASL SMTP server.  To get the old
	behavior specify "send_cyrus_sasl_authzid = yes", in which
	case Postfix sends the (authzid, authcid, password), with
	the authzid equal to the authcid. File: xsasl/xsasl_cyrus_client.c.

20070619

	Portability: /dev/poll support for Solaris chroot jail setup
	scripts. Files: examples/chroot-setup/Solaris8,
	examples/chroot-setup/Solaris10.

20070719

	Cleanup: Milter client error handling, so that the (Postfix
	SMTP server's Milter client) does not get out of sync with
	Milter applications after the (cleanup server's Milter
	client) encounters some non-recoverable problem.  Files:
	milter/milter8.c, smtpd/smtpd.c.

20070729

	Performance: workaround for poor TCP performance on loopback
	(127.0.0.1) connections. Problem reported by Mark Martinec.
	Files: util/vstream_tweak.c, milter/milter8.c, smtp/smtp_connect.c,
	smtpstone/*source.c.

20070730

	Bugfix: when a milter replied with ACCEPT at or before the
	first RCPT command, the cleanup server would apply the
	non_smtpd_milters setting as if the message was a local
	submission. Problem reported by Jukka Salmi. Also, the
	cleanup server would get out of sync with the milter when
	a milter replied with ACCEPT at the DATA command. Files:
	cleanup/cleanup_envelope.c, smtpd/smtpd.c, milter/milters.c.
Boris Mühmer's avatar
Boris Mühmer committed

20070731

	Bugfix: the loopback TCP performance workaround was ineffective
	due to a wetware bit-flip during code cleanup.  File:
	util/vstream_tweak.c.
Boris Mühmer's avatar
Boris Mühmer committed

20070911

	Bugfix (introduced Postfix 2.2.11): TLS client certificate
	with unparsable canonical name caused the SMTP server's
	policy client to allocate zero-length memory, triggering
	an assertion that it shouldn't do such things.  File:
	smtpd/smtpd_check.c.

20070912

	Bugfix (introduced Postfix 2.4) missing initialization of
	event mask in the event_mask_drain() routine (used by the
	obsolete postkick(1) command). Found by Coverity.  File:
	util/events.c.

20070917

	Workaround: the flush daemon forces an access time update
	for the per-destination logfile, to prevent an excessive
	rate of delivery attempts when the queue file system is
	mounted with "noatime".  File: flush/flush.c.
Boris Mühmer's avatar
Boris Mühmer committed

20071030

	Bugfix (introduced Postfix 2.3): Postfix mistakenly enforced
	the 64kbyte limit (for sending body parts TO Milter
	applications) also while receiving packets FROM Milter
	applications.  The limit is now at least 1GB.  File:
	milter/milter8.c.

20071202

	Bugfix (introduced Postfix 2.2): don't update the back-to-back
	delivery time stamp while deferring mail. File: *qmgr/qmgr_entry.c.

20071211

	Bugfix (introduced 19980315): the "write" equivalent of
	bugfix 20030104. File: util/vstream.c.

20071213

	Bugfix (introduced Postfix 2.3): the SMTP client never
	marked corrupt files as corrupt. Victor Duchovni. File:
	smtp/smtp_proto.c.

20071229

	Bugfix: the Milter client did not replace the Postfix-specific
	form for unknown host names by the Sendmail-specific form.
	File: milter/milter8.c.

20080104

	Workaround: minor change to the Dovecot AUTH request to
	prevent dovecot-auth memory wastage. Timo Sirainen.  File:
	xsasl/xsasl_dovecot_server.c.

Boris Mühmer's avatar
Boris Mühmer committed
20080228

	Bugfix: bounce(8) segfault on one-line template text.
	Problem found by Sacha Chlytor. File: bounce/bounce_template.c.

20080411

	Bugfix (introduced Postfix 2.0): after "warn_if_reject
	reject_unlisted_recipient/sender", the SMTP server mistakenly
	remembered that recipient/sender validation was already
	done. File: smtpd/smtpd_check.c.

20080428

	Cleanup: the proxy_read_maps (Postfix 2.0) default setting
	was not updated when adding sender/recipient_bcc_maps
	(Postfix 2.1) and smtp/lmtp_generic_maps (Postfix 2.3).
	File: global/mail_params.h.

20080509

	Bugfix: null-terminate CN comment string after sanitization.
	File: smtpd/smtpd.c.

20080603

	Workaround: avoid "bad address pattern" errors with non-address
	patterns in namadr_list_match() calls. File: util/match_ops.c.

20080804

	Bugfix: dangling pointer in vstring_sprintf_prepend().
	File: util/vstring.c.

20080814

	Security: some systems have changed their link() semantics,
	and will hardlink a symlink, contrary to POSIX and XPG4.
	Sebastian Krahmer, SuSE. File: util/safe_open.c.

	The solution introduces the following incompatible change:
	when the target of mail delivery is a symlink, the parent
	directory of that symlink must now be writable by root only
	(in addition to the already existing requirement that the
	symlink itself is owned by root).  This change will break
	legitimate configurations that deliver mail to a symbolic
	link in a directory with less restrictive permissions.

Boris Mühmer's avatar
Boris Mühmer committed
20080826

	Bugfix (introduced Postfix 2.4): epoll file descriptor leak.
	With Postfix >= 2.4 on Linux >= 2.6, Postfix has an epoll
	file descriptor leak when it executes non-Postfix commands
	in, for example, user-controlled $HOME/.forward files.  A
	local user can access a leaked epoll file descriptor to
	implement a denial of service attack on Postfix. Data
	confidentiality and integrity are not affected.  File:
	util/events.c.
Boris Mühmer's avatar
Boris Mühmer committed

20081203

	Cleanup: adjust the VSTREAM buffer strategy when reusing
	an SMTP connection with a large TCP MSS value. File:
	smtp/smtp_reuse.c.