Skip to content
HISTORY 801 KiB
Newer Older
Boris Mühmer's avatar
Boris Mühmer committed
	util/timed_write.c, util/unix_connect.c, util/unix_listen.c,
	util/unix_recv_fd.c, util/unix_send_fd.c, util/unix_trigger.c,
	util/vbuf.c, util/vbuf.h, util/vstream.c, util/vstream_tweak.c,
	util/vstring.c, util/watchdog.c, verify/verify.c,
	xsasl/xsasl_cyrus_client.c, xsasl/xsasl_cyrus_server.c,
	xsasl/xsasl_dovecot_server.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: removed unnecessary casts. File: global/cfg_parser.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: dont cast away "const". File: global/dict_sqlite.c.
Boris Mühmer's avatar
Boris Mühmer committed
20141208
Boris Mühmer's avatar
Boris Mühmer committed
	Bugfix (introduced: 20141207): in new #ifdef, && should be
	||.  File: smtpd.c.
Boris Mühmer's avatar
Boris Mühmer committed
20141210
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: the "inline" table now supports case-insensitive
	search, and an iterator. File: util/dict_inline.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: minuscule memory leaks in graceful degradation
	after lookup table open error.  Files: util/dict_inline.c,
	util/dict_static.c.
Boris Mühmer's avatar
Boris Mühmer committed
20141211
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: memory leaks in unit-test driver programs (i.e.
	code used only during development). Files:
	cleanup/cleanup_milter.c, util/base64_code.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Bugfix (introduced 20141001): mac_expand() error message
	with "??" due to dangling pointer. File: util/mac_expand.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Portability: unit-test driver programs. Files: util/myaddrinfo.c,
	util/myaddrinfo.ref.
Boris Mühmer's avatar
Boris Mühmer committed
	Portability: Clang support. Files: makedefs, util/sys_defs.h.
Boris Mühmer's avatar
Boris Mühmer committed
	Portability: FreeBSD 10 support. Files: makedefs,
	util/sys_defs.h.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: in makedefs, the CC and WARN features are now
	independent. File: makedefs.
Boris Mühmer's avatar
Boris Mühmer committed
	Shut up some Clang format-string nags: util/events.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: eliminated unnecessary 64->32bit (and back)
	conversions on LP64 platforms.  Files: util/htable.c,
	util/binhash.c util/mvect.[hc], util/name_mask.c,
	util/sane_time.c, util/unix_listen.c, util/unix_connect.c,
	util/stringops.h, util/trimblanks.c, and dependent code in
	smtpd/smtpd_token.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: unused inet_proto_init() results. Files:
	global/mail_params.c, postconf/postconf_builtin.c,
	smtpstone/qmqp-sink.c, smtpstone/qmqp-source.c,
	smtpstone/smtp-source.c/
Boris Mühmer's avatar
Boris Mühmer committed
	Shut up some Clang nags about unused functions in network
	interface API selection.  File: util/inet_addr_local.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Portability: a historical compiler lacks printf-like
	format-string checks for function pointers. Files: util/msg.h,
	bounce/bounce_template.h.
Boris Mühmer's avatar
Boris Mühmer committed
21067 21068 21069 21070 21071 21072 21073 21074 21075 21076 21077 21078 21079 21080 21081 21082 21083 21084 21085 21086 21087 21088 21089 21090 21091 21092 21093 21094 21095 21096 21097 21098 21099 21100 21101 21102 21103 21104 21105 21106 21107 21108 21109 21110 21111 21112 21113 21114 21115 21116 21117 21118 21119 21120 21121 21122 21123 21124 21125 21126 21127 21128 21129 21130 21131 21132 21133 21134 21135 21136 21137 21138 21139 21140 21141 21142 21143 21144 21145 21146 21147 21148 21149 21150 21151 21152 21153 21154 21155 21156 21157 21158 21159 21160 21161 21162 21163 21164 21165 21166 21167 21168 21169 21170 21171 21172 21173 21174 21175 21176 21177 21178 21179 21180 21181 21182 21183 21184 21185 21186 21187 21188 21189 21190 21191 21192 21193 21194 21195 21196 21197 21198 21199 21200 21201 21202 21203 21204 21205 21206 21207 21208 21209 21210 21211 21212 21213 21214 21215 21216 21217 21218 21219 21220 21221 21222 21223 21224 21225 21226 21227 21228 21229 21230 21231 21232 21233 21234 21235 21236 21237 21238 21239 21240 21241 21242 21243 21244 21245 21246 21247 21248 21249 21250 21251 21252 21253 21254 21255 21256 21257 21258 21259 21260 21261 21262 21263 21264 21265 21266 21267 21268 21269 21270 21271 21272 21273 21274 21275 21276 21277 21278 21279 21280 21281 21282 21283 21284 21285 21286 21287 21288 21289 21290 21291 21292 21293 21294 21295 21296 21297 21298 21299 21300 21301 21302 21303 21304 21305 21306 21307 21308 21309 21310 21311 21312 21313 21314 21315 21316 21317 21318 21319 21320 21321 21322 21323 21324 21325 21326 21327 21328 21329 21330 21331 21332 21333 21334 21335 21336 21337 21338 21339 21340 21341 21342 21343 21344 21345 21346 21347 21348 21349 21350 21351 21352 21353 21354 21355 21356 21357 21358 21359 21360 21361 21362 21363 21364 21365 21366 21367 21368 21369 21370 21371 21372 21373 21374 21375 21376 21377 21378 21379 21380 21381 21382 21383 21384 21385 21386 21387 21388 21389 21390 21391 21392 21393 21394 21395 21396 21397 21398 21399 21400 21401 21402 21403 21404 21405 21406 21407 21408 21409 21410 21411 21412 21413 21414 21415 21416 21417 21418 21419 21420 21421 21422 21423 21424 21425 21426 21427 21428 21429 21430 21431 21432 21433 21434 21435 21436 21437 21438 21439 21440 21441 21442 21443 21444 21445 21446 21447 21448 21449 21450 21451 21452 21453 21454 21455
20141212

	Shut up some Clang format-string nags: util/line_number.c,
	sendmail/sendmail.c, smtpd/smtpd_proxy.c, smtp/smtp_sasl_proto.c.

	Cleanup: eliminated unnecessary 64->32bit (and back)
	conversions on LP64 platforms.  Files: dict_memcache.c,
	header_body_checks.[hc], log_adhoc.c, pipe_command.c,
	record.[hc], smtp_reply_footer.c, split_addr.c.
	cleanup/cleanup_milter.c, master/mail_server.h,
	src/master/trigger_server.c, oqmgr/qmgr.c, qmgr/qmgr.c,
	pickup/pickup.c.

	Cleanup: nullmx SMTP reply codes 550 and 556, and enhanced
	status codes X.1.10 and X.7.27. The nullmx SMTP reply codes
	are no longer configurable.  Files: global/mail_params.h,
	smtpd/smtpd.c, smtpd/smtpd_check.c.

	Portability: default table owner UID for testing.  Files:
	util/dict_alloc.c, util/dict_open.c.

	Shut up Clang unused assignment nag: global/mail_queue.h.
	sendmail/sendmail.c, smtpd/smtpd_proxy.c, smtp/smtp_sasl_proto.c.

20141214

	Bugfix (introduced: 20141212): typo in Clang function pointer
	format check, making it a noop. Viktor Dukhovni. File:
	util/sys_defs.h.

	Maintainability: compile-time argument typechecking for
	variadic attribute-value read/write functions. Files:
	anvil/anvil.c, bounce/bounce.c, cleanup/cleanup.c,
	dnsblog/dnsblog.c, flush/flush.c, global/abounce.c,
	global/anvil_clnt.c, global/bounce.c, global/defer.c,
	global/deliver_pass.c, global/deliver_request.c,
	global/dict_proxy.c, global/dsb_scan.c, global/dsn_print.c,
	global/flush_clnt.c, global/mail_command_client.c,
	global/mail_stream.c, global/msg_stats_print.c,
	global/msg_stats_scan.c, global/post_mail.c, global/rcpt_buf.c,
	global/rcpt_print.c, global/resolve_clnt.c, global/rewrite_clnt.c,
	global/scache_clnt.c, global/trace.c, global/verify_clnt.c,
	local/forward.c, milter/milter.c, milter/milter8.c,
	milter/milter_macros.c, oqmgr/qmgr_deliver.c, pickup/pickup.c,
	postdrop/postdrop.c, postscreen/postscreen_dnsbl.c,
	postscreen/postscreen_send.c, postscreen/postscreen_starttls.c,
	proxymap/proxymap.c, qmgr/qmgr_deliver.c, qmqpd/qmqpd.c,
	scache/scache.c, smtpd/smtpd.c, smtpd/smtpd_check.c,
	tls/tls_mgr.c, tls/tls_proxy_clnt.c, tls/tls_proxy_print.c,
	tls/tls_proxy_scan.c, tlsmgr/tlsmgr.c, tlsproxy/tlsproxy.c,
	trivial-rewrite/resolve.c, trivial-rewrite/rewrite.c,
	trivial-rewrite/trivial-rewrite.c, util/attr.h.

20141217

	Replaced compile-time argument typechecking based on inline
	functions with an implementation based on ternary expressions
	with unreachable assignments to dummy variables.   This
	should produce the exact same result as the approach based
	on inline functions (which were standardized with C99).
	Files: util/check_arg.h, util/attr.h, util/attr.c.

20141221

	Portability: proof-of-concept template for OpenBSD build
	with shared libpostfix etc. libraries. File: makedefs.

20141223

	Cleanup: compile-time variadic argument type checking for
	attribute-value APIs of vstream, vstream_popen, vstring,
	pipe_command, spawn_command, attr_override, and mail_server
	skeletons.  Based on mostly automatic conversion and checking,
	with a manual inspection of the remainder.  Files:
	anvil/anvil.c, bounce/bounce.c, cleanup/cleanup.c,
	cleanup/cleanup_api.c, discard/discard.c, dnsblog/dnsblog.c,
	error/error.c, flush/flush.c, global/attr_override.c,
	global/attr_override.h, global/mail_connect.c, global/mail_queue.c,
	global/mail_stream.c, global/mail_stream.h, global/pipe_command.c,
	global/pipe_command.h, global/smtp_stream.c, global/timed_ipc.c,
	local/command.c, local/local.c, master/event_server.c,
	master/mail_server.h, master/multi_server.c,
	master/single_server.c, milter/milter.c, milter/milter8.c,
	oqmgr/qmgr.c, oqmgr/qmgr_transport.c, pickup/pickup.c,
	pipe/pipe.c, postalias/postalias.c, postcat/postcat.c,
	postdrop/postdrop.c, postmap/postmap.c, postscreen/postscreen.c,
	postscreen/postscreen_dnsbl.c, postscreen/postscreen_haproxy.c,
	postscreen/postscreen_starttls.c, posttls-finger/posttls-finger.c,
	proxymap/proxymap.c, qmgr/qmgr.c, qmgr/qmgr_transport.c,
	qmqpd/qmqpd.c, scache/scache.c, showq/showq.c, smtp/smtp.c,
	smtpd/smtpd.c, smtpd/smtpd_check.c, smtpd/smtpd_proxy.c,
	smtpstone/smtp-source.c, spawn/spawn.c, tls/tls_proxy_clnt.c,
	tls/tls_stream.c, tlsmgr/tlsmgr.c, tlsproxy/tlsproxy.c,
	trivial-rewrite/trivial-rewrite.c, util/auto_clnt.c,
	util/ctable.c, util/dict_cache.c, util/dict_cache.h,
	util/dict_lmdb.c, util/dict_tcp.c, util/netstring.c,
	util/recv_pass_attr.c, util/slmdb.c, util/slmdb.h,
	util/spawn_command.c, util/spawn_command.h, util/vstream.c,
	util/vstream.h, util/vstream_popen.c, util/vstream_tweak.c,
	util/vstring.c, util/vstring.h, verify/verify.c,
	virtual/virtual.c, xsasl/xsasl_dovecot_server.c.

20141224

	Cleanup: the compile-time argument typechecks for attribute-value
	APIs are now by default implemented with inline functions.
	Compile with -DNO_INLINE to implement the argument typechecks
	with ternary operators and unreachable assignments.  Files:
	util/check_arg.h and its consumers.

20141226

	NetBSD6/7 dynamic linking support. Viktor Dukhovni.

	Cleanup: instead of making up new names, use a consistent
	CA_ prefix for macros that implement compile-time argument
	typechecks for non-protocol attribute-value APIs. This
	transformation and its verification are mechanical.

	Bugfix (introduced: Postfix 1.1, but latent before 3.0):
	"postfix-install: daemon_directory: not found" error with
	an ancient Solaris shell.  Fixed by ALSO resetting IFS after
	the end of a ``while IFS=foo command'' loop; counter to
	expectation, the IFS reset in the loop body executed in a
	child process.  Background: some shells implement "IFS=foo
	command" as a permanent IFS change; this was allowed by
	standards at some point in time.  File: postfix-install.

20141227

	Feature: smtp_address_verify_target (default: rcpt) that
	determines what protocol stage decides if a recipient is
	valid. Specify "data" for servers that reject recipients
	after the DATA command. Files: mantools/postlink,
	proto/postconf.proto, proto/ADDRESS_VERIFICATION_README.html,
	global/mail_params.h, smtp/lmtp_params.c, smtp/smtp.c,
	smtp/smtp.h, smtp/smtp_params.c, smtp/smtp_proto.c.

20141228

	Cleanup: the IDNA conversion routines now accept both ASCII
	and UTF8 inputs. The functions als verify that either their
	result is a valid ASCII domain name or that it converts
	into a valid ASCII domain name. Files: util/midna.c,
	util/midna_test.in, util/midna_test.ref.

20141230

	Cleanup: s/midna/midna_domain/ for better specificity,
	because we also need functions that act only on the domain
	portion of an email address. Files: bounce/bounce_template.c,
	global/midna_adomain.c, posttls-finger/posttls-finger.c,
	smtp/smtp_addr.c, smtpd/smtpd_check.c, tls/tls_client.c,
	util/midna_domain.[hc], util/valid_utf8_hostname.c.

	Infrastructure: function midna_adomain_to_utf8() (and
	midna_adomain_to_ascii) to convert the domain portion of
	an email address before table lookup. Files:
	global/midna_adomain.[hc].

20141230-20140109

	What is described here is the result of four iterations to
	deal with malformed UTF-8 without massively contaminating
	every Postfix program with new error-handling code paths,
	in particular without triggering fatal errors that didn't
	happen before.

	Infrastructure: function casefold() to support caseless
	string comparison, primarily for table lookups. This function
	supports two modes: case folding a la lowercase() for ASCII
	byte values, and UTF-8 case folding. As recommended at
	http://www.w3.org/International/wiki/Case_folding for
	caseless string comparison, this uses the en_US locale to
	avoid surprises. The implementatin handles the entire RFC
	3629 Unicode range (code points U+0000..U+10FFFF including
	surrogates) and is chroot(2) safe. Files: casefold.c,
	stringops.h.

	Infrastructure: revised the midna_domain_to_ascii and
	midna_domain_to_utf8 domain name conversion functions after
	careful reading of the UTS #46 specification, and after
	observing that ICU 4.8 library functions indeed implement
	this spec, at least with default options. In particular,
	midna_domain_to_utf8 takes an UTF-8 domain name and verifies
	that its A-label form will pass the valid_hostname() test.
	File: util/midna_domain.c.

	Infrastructure: handle UTF-8 errors in lookup table keys
	or values without massively contaminating every Postfix
	program with new error-handling code paths, in particular
	without triggering fatal errors that didn't happen before.
	The lookup/update/delete functions log a warning and ignore
	a request with a bad key (it cannot exist); the update
	functions ignore a request to store a bad value (it cannot
	exist); and the lookup function reports a bad value as a
	configuration error (it should not exist, but there it is).
	Table iterators still report all (key, value) pairs in a
	table. Files: util/dict.h, util/dict_open.c, util/dict_utf8.c,
	global/mkmap_open.c.

	Note that with SMTPUTF8 turned on, each table-driven mechanism
	(access, aliases, etc.) needs to make its own decision
	whether UTF-8 syntax is required. We cannot blindly require
	that everything has valid UTF-8 syntax. That would make
	header/body_checks useless for content inspection, because
	headers may be malformed and bodies may contain legitimate
	binary content that isn't UTF-8.

	Note that with SMTPUTF8 turned off, Postfix must remain
	8-bit clean as it always has been. Table operations must
	not complain that something violates UTF-8 syntax rules.

	UTF-8 sanitization in the Postfix SMTP server.  With
	smtputf8_enable=yes, SMTP commands with UTF-8 syntax errors
	are rejected, table lookup results with invalid UTF-8 syntax
	are handled as configuration errors, and UTF-8 syntax errors
	in policy server replies result in execution of the policy
	server's default action.

20150102

	Cleanup: propagate DICT_ERR_CONFIG through the proxymap
	protocol. Files: global/dict_proxy.[hc], proxymap/proxymap.c.

20150106

	Robustness: don't segfault due to excessive recursion in
	tok822_free_tree() after a faulty configuration runs into
	the virtual_alias_recursion_limit.  File: global/tok822_tree.c.

20150109

	Cleanup: the dict debug module now proxies dict flags.
	File: util/dict_debug.c.

	With "smtputf8_enable = yes", the postmap and postalias
	commands now enable UTF-8 by default (use "-u" to disable)
	with one exception: UTF-8 remains disabled for header/body_checks
	emulation (use "-U" to enable).  Files: postmap/postmap.c,
	postalias/postalias.c.

20150110

	Cleanup: the "inline" and "texthash" implementations now
	reuse the "internal" database instead of reinventing the
	wheel.  Files: util/dict_inline.c, util/dict_thash.c.

	As a first step, with "smtputf8_enable = yes" all features
	based on Postfix matchlists enable UTF-8 syntax checks and
	UTF-8 casefolding for table patterns, but NOT YET for string
	patterns. The list of features includes authorized_flush_users,
	authorized_mailq_users, authorized_submit_users, debug_peer_list,
	fast_flush_domains, mydestination, permit_mx_backup_networks,
	qmqpd_authorized_clients, smtp_connection_cache_destinations,
	smtpd_authorized_verp_clients, smtpd_authorized_xclient_hosts,
	smtpd_authorized_xforward_hosts,
	smtpd_client_event_limit_exceptions,
	smtpd_log_access_permit_actions, smtpd_sasl_exceptions_networks,
	the "domains" feature in ldap_table(5), memcache_table(5)
	mysql_table(5), pgsql_table(5) and sqlite_table(5),
	virtual_alias_domains, virtual_mailbox_domains.

20150111

	Cleanup: simplified the interposition layer that adds UTF-8
	support to Postfix lookup tables. Files: util/dict_utf8.c.

	With "smtputf8_enable = yes", Enable UTF-8 syntax checks
	and UTF-8 casefolding for SMTP server access maps, alias_maps,
	canonical_maps, fallback_transport_maps,
	lmtp_tls_session_cache_database, local_recipient_maps,
	mailbox_command_maps, mailbox_transport_maps, rbl_reply_maps,
	recipient_bcc_maps, recipient_canonical_maps, relay_recipient_maps,
	relocated_maps, sender_bcc_maps, sender_canonical_maps,
	sender_dependent_relayhost_maps, sender_dependent_transport_maps,
	smtp_generic_maps, smtp_sasl_auth_cache_name,
	smtp_sasl_password_maps, smtp_tls_per_site, smtp_tls_policy_maps,
	smtp_tls_session_cache_database, smtpd_sender_login_maps,
	smtpd_tls_session_cache_database, transport_maps,
	virtual_alias_maps, virtual_gid_maps, virtual_mailbox_maps,
	virtual_uid_maps.

20150112

	Infrastructure: support for UTF-8 casefolding in match_lists.
	Instead of using strcasecmp(), casefold all fixed-string
	patterns during initialization, casefold a search string
	at the beginning of the search, and use strcmp() for
	comparison.  Files: util/casefold.c util/dict.h, util/dict_utf8.c,
	util/match_list.c, util/match_list.h, util/match_ops.c,
	util/stringops.h, global/addr_match_list.c, global/domain_list.c,
	global/namadr_list.c, global/string_list.c.

20150113

	Cleanup: show the configuration parameter name in error
	messages while parsing or searching match_list-based features
	such as mydestination, relay_domains and a few dozen more.
	Files: cleanup/cleanup_init.c, flush/flush.c,
	global/addr_match_list.c, global/debug_peer.c,
	global/domain_list.c, global/flush_clnt.c,
	global/match_parent_style.c, global/namadr_list.c,
	global/resolve_local.c, global/string_list.c, global/user_acl.[hc],
	postdrop/postdrop.c, postqueue/postqueue.c,
	postscreen/postscreen.c, qmqpd/qmqpd.c, sendmail/sendmail.c.,
	smtp/smtp.c, smtp/smtp_sasl_glue.c, smtpd/smtpd.c,
	smtpd/smtpd_check.c, trivial-rewrite/resolve.c,
	util/match_list.[hc], util/match_ops.c.

	Cleanup: apply printable() to all bounce(8) service
	string-valued protocol fields. File: bounce/bounce.c.

	Apparenly the UCI 4.8 ucasemap_utf8FoldCase() function does
	not complain about UTF-8 syntax errors, so we add our own
	redundant check. File: util/casefold.c.

20150115

	Bitrot: prepare for future changes in OpenSSL. Viktor
	Dukhovni. Files: tls/tls.h, tls/tls_dh.c, tls/tls_misc.c,
	tls/tls_rsa.c, tls/tls_server.c.

	Documentation: "avoid hash files here, use btree or lmdb
	instead".  File: proto/ADDRESS_VERIFICATION_README.html.

	Safety: virtual_alias_address_length_limit (default: 1000)
	to stop aliasing loops that exponentially increase the
	address length with each iteration. Files: global/mail_params.h,
	mantools/postlink, proto/postconf.proto, cleanup/cleanup.c,
	cleanup/cleanup_init.c, cleanup/cleanup_map1n.c.

20150116

	TLS wrappermode in the Postfix smtp(8) client. This introduces
	a new parameter "smtp_tls_wrappermode" (default: no). Files:
	global/mail_params.h, mantools/postlink, proto/postconf.proto,
	smtp/lmtp_params.c, smtp/smtp.[hc], smtp/smtp_connect.c,
	smtp/smtp_params.c, smtp/smtp_proto.c.

	TLS wrappermode in posttls-finger(1), and some DANE-related
	cleanups. This introduces a new option "-w". Viktor Dukhovni.
	Files: posttls-finger/posttls-finger.c, smtp/smtp_tls_policy.c,
	tls/tls.h, tls/tls_client.c, tls/tls_fprint.c.

20150117

	Cleanup: missing " in \%s\" in postscreen(8) fatal error
	messages. Iain Hibbert. File: postconf/postconf_master.c.

20150118

	Bugfix (introduced: 20140731): when a connection timed out
	before any command was received, the Postfix SMTP server
	"disconnect from" logging would show the content of the
	last SMTP server response (421 4.4.2 $myhostname error:
	timeout exceeded) instead of per-command statistics, because
	there were no statistics to report.  The Postfix SMTP server
	now always logs the total number of commands (commands=x/y)
	even when the client did not send any. This helps logfile
	analyzers to recognize sessions without commands.  File:
	smtpd/smtpd.c.

20150120

	Bugfix (introduced: 20141230-20140109): do not reallocate
	a dictionary handle after it is initialized. This breaks
	CDB. Problem reported by Andreas Schulze. Files: util/dict.h,
	util/dict_alloc.c, util/dict_utf8.c.

	Cleanup: simplified the dict_utf8 wrapper implementation.
	Files: util/dict.h, util/dict_alloc.c, util/dict_utf8.c.

20150121

	Cleanup: undo changes in check_mumble_access() that replaced
	error handling with longjmp() calls. This could introduce
	memory leaks in check_mumble_access() callers. Files:
	smtpd/smtpd_check.c, smtpd/smtpd_error.ref.

20150122

	Cleanup: miscellaneous cruft, typos, comments, error messages.
	proto/COMPATIBILITY_README.html, global/addr_match_list.c,
	global/domain_list.c, global/namadr_list.c, global/string_list.c,
	global/user_acl.c, postalias/postalias.c, postmap/postmap.c,
	tls/tls_client.c, util/dict_alloc.c, util/dict_open.c,
	util/match_list.c.

Boris Mühmer's avatar
Boris Mühmer committed
20150124
Boris Mühmer's avatar
Boris Mühmer committed

	Workaround: nroff has been improved so that "-" comes out as
	some non-ASCII character, unlike HTML where it comes out
	as itself.  Andreas Schulze. This requires jumping a few
	hops to generate HTML and nroff input from the same source
	text.  Files; mantools/srctoman, mantools/postconf2man.

	Cleanup: UTF-8 support in masquerade_domains.  File:
	cleanup/cleanup_masquerade.c.

Boris Mühmer's avatar
Boris Mühmer committed
20150125
Boris Mühmer's avatar
Boris Mühmer committed

	Cleanup: simplified the casefold() API: no input-dependent
	failure modes. Files: cleanup/cleanup_masquerade.c,
	util/casefold.c, util/dict_utf8.c, util/match_list.c,
	util/strcasecmp_utf8.c, util/stringops.h.

	Cleanup: replaced str*casecmp() calls with UTF8-enabled
	versions. Files: bounce/bounce.c, bounce/bounce_append_service.c,
	bounce/bounce_notify_service.c, bounce/bounce_notify_verp.c,
	bounce/bounce_one_service.c, bounce/bounce_trace_service.c,
	bounce/bounce_warn_service.c, cleanup/cleanup_addr.c,
	cleanup/cleanup_map11.c, cleanup/cleanup_map1n.c,
	global/log_adhoc.c, global/mail_addr_find.c, global/mail_params.c,
	global/split_addr.c, global/verify.c, global/verify_sender_addr.c,
	local/alias.c, local/recipient.c, oqmgr/qmgr_message.c,
	qmgr/qmgr_message.c, smtp/smtp_tls_policy.c, smtpd/smtpd_check.c,
	smtpd/smtpd_milter.c, trivial-rewrite/resolve.c,
	util/strcasecmp_utf8.c, util/stringops.h.

20150126

	Portability: added missing #ifdef STRCASECMP_IN_STRINGS_H
	for platforms that require it. Files: dns/dns_rr_filter.c,
	milter/milter8.c, posttls-finger/posttls-finger.c,
	tls/tls_dane.c, tlsproxy/tlsproxy.c, util/dict_test.c.

	Cleanup: replaced lowercase() calls with UTF-8-enabled
	versions. Files: flush/flush.c, global/been_here.c,
	global/delivered_hdr.c, global/fold_addr.c, global/fold_addr.h,
	local/forward.c, local/recipient.c, pipe/pipe.c,
	smtpd/smtpd_resolve.c, util/casefold.c, util/stringops.h,
	virtual/recipient.c.

20150127

Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: simplified the 20150125 and 20150126 APIs, replacing
Boris Mühmer's avatar
Boris Mühmer committed
	the most-common use cases with convenience macros that have
	fewer arguments. Files: anything that implements or invokes
	casefold*() or str*casecmp().

	Documentation: missing words and typos. Matthew Selsky. Files:
	proto/SMTPUTF8_README.html, util/dict_open.c, util/vstream.c.

20150128

	Bugfix: the ICU casemapping API can report success, while
	producing output that is not null-terminated. But we can
	deal with that. File: util/casefold.c.

	Cleanup: unnecessary buffers. File: util/strcasecmp_utf8.c.

	Cleanup: whitespace in source-code documentation has gotten
	damaged through the years. Files: util/iostuff.h,
	util/msg_vstream.h, util/msg_syslog.h, util/msg_output.h,
	util/msg.h, util/inet_proto.c, trivial-rewrite/trivial-rewrite.c,
	tls/tls.h, postconf/postconf.c, master/multi_server.c,
	master/event_server.c, global/memcache_proto.h,
	global/dict_mysql.c, global/dict_ldap.c, discard/discard.c,
	error/error.c, global/dict_proxy.c, global/mail_conf_int.c,
	global/match_parent_style.c, global/scache.c, global/scache.h,
	qmgr/qmgr_entry.c, qmgr/qmgr_peer.c, smtp/smtp_rcpt.c,
	smtpd/smtpd_peer.c, tls/tls_mgr.c, util/attr_scan0.c,
	util/dict_tcp.c, util/hex_code.c, util/valid_hostname.c.

	Cleanup: typos. Files: proto/socketmap_table, proto/mysql_table,
	global/dict_mysql.c, proto/lmdb_table, smtpstone/smtp-sink.c,
	posttls-finger/posttls-finger.c.

	Bugfix: restart the Postfix SMTP server SASL client after
	XCLIENT may have changed the client IP address. Matthew
	Via. File: smtpd/smtpd.c.

20150129

	More whitespace in source-code comment regressions. Viktor
	(mostly) and Wietse.  smtpd/smtpd_proxy.c, util/format_tv.c,
	util/line_wrap.c, util/slmdb.c, qmgr/qmgr_peer.c,
	smtp/smtp_rcpt.c, smtpd/smtpd_peer.c, tls/tls_mgr.c,
	trivial-rewrite/trivial-rewrite.c, util/attr_scan0.c,
	util/dict_tcp.c, util/hex_code.c, util/valid_hostname.c,
	discard/discard.c, error/error.c, global/dict_proxy.c,
	global/mail_conf_int.c, global/match_parent_style.c,
	global/scache.c, qmgr/qmgr_entry.c, global/dict_ldap.c,
	global/dict_mysql.c, posttls-finger/posttls-finger.c,
	smtp/smtp.c, tls/tls_certkey.c.

	Cleanup: avoid hidden buffer allocation in casefold().
	Files: local/forward.c, local/recipient.c, virtual/recipient.c.

	Cleanup: HTML validator errors. Files: proto/postconf.proto,
	proto/TLS_README.html, proto/MILTER_README.html.

	Great rename from 2.12 to 3.0. Lots of files, 99% mechanical.

	Cleanup: HTML entities in *roff manpage source. File:
	mantools/fixman, proto/postconf.proto, smtpd/smtpd.c,
	trivial-rewrite/trivial-rewrite.c.

20150201

	Usability: in error messages, print the CAfile and CApath
	value in double quotes, to clue in people who specify quoted
	pathnames in main.cf. Viktor Dukhovni. Files: tls/tls_certkey.c
	and testing code in posttls-finger/posttls-finger.c.

20150202

	Cleanup: make posttls-finger -k/-K documentation consistent
	with behavior. File: posttls-finger/posttls-finger.c.

20150203
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: API minimization, by making some functions static.
	Files: util/dict.h, util/dict_utf8.c.
Boris Mühmer's avatar
Boris Mühmer committed
20150205
Boris Mühmer's avatar
Boris Mühmer committed
	Preliminary feature: support for building position-independent
	executables (PIE), tested on Fedora Core 20, Ubuntu 14.04,
	FreeBSD 9 and 10, and NetBSD 6. See INSTALL section 4.3 for
	details and limitations. Files: makedefs, proto/INSTALL.html,
	RELEASE_NOTES-3.0.
Boris Mühmer's avatar
Boris Mühmer committed
20150208
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: after many years, the access(5) map BCC action is
	part of the stable release. Files: smtpd/smtpd_check.c,
	proto/acces.
Boris Mühmer's avatar
Boris Mühmer committed
20150210

	Cleanup: socketmap documentation. File: proto/socketmap_table.

Boris Mühmer's avatar
Boris Mühmer committed
20150211

	Cleanup: strncasecmp_utf8() streamlining. Files: util/stringops.h,
	util/allascii.c, util/strcasecmp_utf8.c.

Boris Mühmer's avatar
Boris Mühmer committed
20150212

	Cleanup: in code after reading main.cf, removed bogus guard
	before re-evaluating the mail_task() syslog prefix.  File:
	postlog/postlog.c.

Boris Mühmer's avatar
Boris Mühmer committed
20150214

	Bugfix (introduced: Postfix 3.0): missing #ifdef USE_TLS
Boris Mühmer's avatar
Boris Mühmer committed
	inside #ifdef USE_SASL_AUTH broke the build. Viktor Dukhovni.
	File: smtpd/smtpd.c.

	Cleanup: missing errno logging in bounce daemon clients.
	This made troubleshooting significantly more difficult.
	File: global/mail_command_client.c.

20150216

	Cleanup: documented that mail_connect() produces no errno
	logging.  The functions that call it should log the error
	(and the majority does). File: global/mail_connect.c.

	Cleanup: added errno logging after mail_connect() failure.
	Files: global/post_mail.c, local/forward.c.

	Cleanup: in code after reading main.cf, removed bogus guard
	before re-evaluating the mail_task() syslog prefix. Files:
	postalias/postalias.c, postdrop/postdrop.c, postmap/postmap.c,
	postqueue/postqueue.c, postsuper/postsuper.c, sendmail/sendmail.c.

20150218

	Documentation: header/body_checks additional text about whether
	an action stops further inspection of the input stream.  File:
	proto/header_checks.

	Robustness: reject installation pathnames with whitespace.
	File: postfix-install.
Boris Mühmer's avatar
Boris Mühmer committed

20150217

	Cleanup: missing <string.h> include. File: util/allascii.c.

20150221

	Bugfix (introduced: Postfix 3.0): don't append '.' to the
	DNS resource record value, when converting TXT records to
	the string form that is used used by xxx_dns_reply_filter.
	File: dns/dns_strrecord.c.

20150313

	Documentation: incorrect Postfix version number for
	postscreen_dnsbl_timeout. Quanah Gibson-Mount. File:
	postscreen/postscreen.c.

Boris Mühmer's avatar
Boris Mühmer committed
20150320

	Cleanup: better sorting order for the default tls_*_cipherlist
	settings. OpenSSL does not order "ALL" quite right: some
	MEDIUM ciphers (SEED and IDEA) sneak up above some 128-bit
	HIGH ciphers.  Also previously, when we prefer "aNULL" we
	moved MEDIUM with aNULL above same bit-length HIGH but not
	aNULL.  Viktor Dukhovni.  File: global/mail_params.h.

Boris Mühmer's avatar
Boris Mühmer committed
20150324

	Bugfix (introduced: Postfix 2.6): sender_dependent_relayhost_maps
	ignored the relayhost setting in the case of a DUNNO lookup
	result.  It would use the recipient domain instead.  Viktor
	Dukhovni. Wietse took the pieces of code that enforce the
	precedence of a sender-dependent relayhost, the global
	relayhost, and the recipient domain, and put that code
	together in once place so that it is easier to maintain.
	File: trivial-rewrite/resolve.c.

Boris Mühmer's avatar
Boris Mühmer committed
20150326

	Feature: lmtp_fallback_relay, limited to TCP destinations
	only.  Viktor Dukhovni. Wietse updated the postlink, smtp.c,
	and smtp-only files, and added a warning when lmtp_fallback_relay
	is specified for a non-TCP destination. Files: mantools/postlink,
	smtp/smtp.c, smtp/smtp-only, smtp/smtp_connect.c,
	smtp/smtp_params.c, global/mail_params.h, proto/postconf.proto.

Boris Mühmer's avatar
Boris Mühmer committed
20150328

	Bugfix (introduced: Postfix 1.1.0): post-install expanded
	macros in parameter values when trying to detect parameter
	overrides, causing unnecessary main.cf updates during Postfix
	start-up. Julian Reich, Viktor Dukhovni, and Wietse.  File:
	conf/post-install.

20150330

	Bitrot: prepare for future changes in OpenSSL API. Viktor
	Dukhovni. File: tls_dane.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Safety: instead of bouncing mail, report a soft error when
	SASL infrastucture breaks.  Viktor Dukhovni, Emmanuel Fuste.
	Files: smtpd/smtpd_sasl_glue.c, xsasl/xsasl.h,
	xsasl/xsasl_cyrus_server.c, xsasl/xsasl_dovecot_server.c.

20150401

	Documentation: update the mydestination default value in
	the stock main.cf file.  File: conf/main.cf.

20150404

	Documentation: add "postconf -m" output to problem reports. File:
	proto/DEBUG_README.html.

20150418

	Portability: use the icu-config utility to locate the ICU
	include and library files. With this, Postfix builds out
	of the box on MacOS X. File: makedefs.

20150421

	Bugfix (introduced: 19970309): reset errno before calling
	readdir(), in order to distinguish between end-of-directory and
	an error condition. File: scandir.c.

20150426

	Cleanup: when transmitting an attribute-value sequence
	between Postfix processes, a hash table may now appear at
	any position instead of only at the end.  Files:
	util/attr_scan{0,64,plain}.c, util/attr_print{0,64,plain}.c,
	util/attr_scan{0,64,plain}.ref.

	Feature: milter_macro_defaults, an optional list of macro
	name=value pairs that specify default values for Milter
	macros.  When a macro is to be sent to a Milter application,
	Postfix will send its default value when no value is available
	from the mail delivery context. For example, with
	"milter_macro_defaults = auth_type=TLS", Postfix will send
	an auth_type of "TLS" unless a remote client authenticates
	with SASL. Files: mantools/postlink, proto/MILTER_README.html,
	proto/postconf.proto, cleanup/cleanup.c, cleanup/cleanup_init.c,
	cleanup/cleanup_milter.c, global/mail_params.h, milter/milter.c,
	milter/milter.h, smtpd/smtpd.c, smtpd/smtpd_milter.c.

Boris Mühmer's avatar
Boris Mühmer committed
20150501

	Support for Linux 4.*, and some simplification for future
	makedefs files. Files: makedefs, util/sys_defs.h.

Boris Mühmer's avatar
Boris Mühmer committed
20150502

	Cleanup: updated the examples in MILTER_README.  File:
	proto/MILTER_README.html

20150529

	Support for DNS reply TTL values in dnsblog and postscreen.
	Files: dnsblog/dnsblog.c, postscreen/postscreen_early.c,
	postscreen/postscreen_dnsbl.c.

20150607

	Support for DNS reply TTL values for "not found" responses
	(negative reply caching).  The postscreen daemon needs this to
	accurately whitelist an SMTP client that is not found on any
	DNSBL. Files: dns/dns_lookup.c, dns/dns_strrecord.c, dns/dns.h,
	dns/test_dns_lookup.c.

20150615

	Two new parameters to limit how long a DNSBL or DNSWL lookup
	result remains valid: postscreen_dnsbl_max_ttl is an upper
	limit for the TTL from a DNS query, and postscreen_dnsbl_min_ttl
	is a lower limit. The old postscreen_dnsbl_ttl provides a
	backwards-compatible default for postscreen_dnsbl_max_ttl.
	Files: global/mail_params.h, postscreen/postscreen.c,
	postscreen/postscreen_early.c, mantools/postlink,
	proto/postconf.proto.

20150616

	Refinement: the postscreen daemon now computes two combined
	DNS reply TTLs: one combined TTL for replies that the client
	should be blocked, and one combined TTL for replies that the
	client should be allowed. This is more conservative than
	simply combining all reply TTLs into one number.  File:
	postscreen/postscreen_dnsbl.c.

20150621

	Feature: default_transport_rate_delay (and the transport-specific
	*transport*_transport_rate_delay) to enforce a destination-
	independent rate limit on deliveries.  Files: mantools/postlink,
	proto/postconf.proto, *qmgr/qmgr.h, *qmgr/qmgr_transport.c,
	*qmgr/qmgr_deliver.c, *qmgr/qmgr.c.

20150707

	Workaround: some DNS servers reply with NXDOMAIN for type
	NS queries with names that actually have an A record. This
	broke check_mumble_ns_access.  File: smtpd/smtpd_check.c.

20150711

	Workaround: conditional time default value can result in
	multiple time unit suffixes. Files: global/conv_time.c
	global/mail_conf_time.c.

20150712

	Cleanup: configurable workaround (dns_ncache_ttl_fix_enable)
	in case some future libc change breaks a promise made by
	current resolver(3) documentation. Files: global/mail_params.[hc].

	Cleanup: removed unused libdns dependencies. No-one remembers
	why they were introduced. Files: postscreen/Makefile.in,
	qmqpd/Makefile.in, smtpd/Makefile.in, tlsmgr/Makefile.in.

	Cleanup: code indentation. Viktor Dukhovni. File:
	smtp/smtp_addr.c.

	Workaround: With Solaris10, write_wait() hangs in poll()
	until timeout, when invoked after peekfd() has received an
	ECONNRESET error indication. This happens when a client
	sends QUIT and closes the connection immediately. File:
	util/peekfd.c.

20150715

	Security: updated default Diffie-Hellman export (512 bit)
	primes and non-export (from 1024 to 2048 bit) primes, and
	updated text on non-export DH primes. Viktor Dukhovni.
	Files: tls/tls_dh.c, proto/FORWARD_SECRECY_README.html.

Boris Mühmer's avatar
Boris Mühmer committed
20150718

	Security: opportunistic TLS by default uses "medium" or
	stronger ciphers instead of "export" or stronger. See the
	RELEASE_NOTES file for how to get the old settings back.
	Files: global/mail_params.h, proto/TLS_README.html,
	proto/postconf.proto, and files derived from those.

20150719

	Security: Postfix TLS support by default no longer uses
	SSLv2 or SSLv3.  See the RELEASE_NOTES file for how to get
	the old settings back. Files: global/mail_params.h,
	proto/postconf.proto, and files derived from those.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: the COMPATIBILITY_README* files were not installed.
	File: conf/postfix-files.

20150726

	Cleanup: some lost edits for the SASL_README file. File:
	proto/SASL_README.html.

20150816

	Workaround: updated the 20150707 fix for DNS servers that
	reply with NXDOMAIN for type NS queries instead of (NOERROR,
	zero answers).  File: smtpd/smtpd_check.c.

20150829

	Documentation: TLS session tickets are preferred over the
	local server-side smtpd_tls_session_cache_database storage.
	TLS session tickets are supported as of OpenSSL 0.9.8h (May
	2008).  Files: mantools/postlink, proto/TLS_README.html,
	proto/postconf.proto.

20150831

	Cleanup: obsolete comments in Makefile.init.
Boris Mühmer's avatar
Boris Mühmer committed

20150903

	Workaround: disable DNSSEC support for AIX 7x and earlier.
	The AIX 6/7 resolver(5) API defines RES_USE_DNSSEC without
	defining the "ad" bit.  Viktor Dukhovni.  Files: makedefs,
	proto/INSTALL.html, dns/dns.h.

Boris Mühmer's avatar
Boris Mühmer committed
20150912

	Future-proofing and code cleanup: exploit GCC and Clang
	"warn_unused_result" feature to flag missing error checks.
	Files: util/sys_defs.h, util/attr.h, util/edit_file.h,
	util/listen.h, util/lstat_as.h, util/mac_expand.h,
	util/mac_parse.h, util/myaddrinfo.h, util/myflock.h,
	util/sane_fsops.h, util/sane_socketpair.h, util/stat_as.h,
	util/base32_code.h, util/base64_code.h, util/hex_code.h,
	util/timed_wait.h, util/vstream.h, src/util/vstring_vstream.h.

	Cleanup: incomplete error check. Found with WARN_UNUSED_RESULT
	check. File: util/recv_pass_attr.c.

	Future-proofing: added type mis-match detection for
	ATTR_TYPE_FUNC function-pointer arguments. File: util/attr.h.

	Cleanup: don't ignore seek-to-end-of-file errors.  File:
	global/record.c.

	Cleanup: use vstream_fpurge() to purge VSTREAM buffers,
	instead of calling vstream_fseek() and ignoring ESPIPE
	errors.  File: smtpstone/qmqp-sink.c.

20150913

	Feature: SMTPD policy service "policy_context" attribute
	and smtpd_policy_service_policy_context main.cf parameter.
	Originally, to share the same SMTPD policy service endpoint
	among multiple check_policy_service clients. Markus Benning.
	Files: mantools/postlink, proto/SMTPD_POLICY_README.html,
	proto/postconf.proto, global/mail_params.h, global/mail_proto.h,
	smtpd/smtpd.c, smtpd/smtpd_check.c.

Boris Mühmer's avatar
Boris Mühmer committed
20150923

	Bugfix (introduced: 20120531-617): the Postfix SMTP server
	used a larger-than-1 VSTREAM buffer to read the HAProxy
	connection hand-off information. This broke TLS wrappermode,
	as the TLS helo packet would end up in the plaintext VSTREAM
	buffer. Reported by Lukas Erlacher.  File: smtpd/smtpd_haproxy.c.

20150924

Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup (introduced: 20060510, exposed 20150912): eliminated
	a harmless warning message "seek error after reading END
	record: Illegal seek" from the cleanup server after a
	check_sender_access DISCARD action.  File: cleanup/cleanup.c.

Boris Mühmer's avatar
Boris Mühmer committed
	Bugfix (introduced: 20090216-24): incorrect postmulti error
	message. Reported by Patrik Koetter. Fix by Viktor Dukhovni.
	File: postmulti/postmulti.c.

	Workaround: don't create a new instance when the template
	main.cf and master.cf files are missing, as happens on
	Debian-like systems. Viktor Dukhovni. File: conf/postmulti-script.

20150930

	Bugfix (introduced: 20040124): Milter client panic while
	adding a header, because the PREPEND action used the same
	output function for header_checks and body_checks.  Viktor
	Dukhovni and Wietse. File: cleanup/cleanup_message.c.

	Bugfix (introduced: 20031128): xtext_unquote() did not
	propagate error reports from xtext_unquote_append(), causing
Boris Mühmer's avatar
Boris Mühmer committed
	the decoder to return partial output, instead of rejecting
Boris Mühmer's avatar
Boris Mühmer committed
	malformed input. Fix by Krzysztof Wojta.  File: global/xtext.c.

20151003

	Bugfix (copied from xtext): uxtext_unquote() did not propagate
	error reports from uxtext_unquote_append(), causing the
	decoder to return partial output, instead of rejecting
	malformed input.  Found by searching the code for similar
	error patterns as with xtext_unquote().  File: global/uxtext.c.

Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: added missing "negative" unit tests. Files:
	global/xtext.c, global/uxtext.c.
Boris Mühmer's avatar
Boris Mühmer committed
20151004
Boris Mühmer's avatar
Boris Mühmer committed
	Future proofing: use a real VSTRING in the 20150930 header
	PREPEND fix. File: cleanup/cleanup_message.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Future proofing: make vstring_import() consistent with
	vstring_alloc(). The alternative would be to remove the
	function as it is unused and exists only for symmetry with
	vstring_export(). File: usr/vstring.c.
Boris Mühmer's avatar
Boris Mühmer committed
20151010
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: the 20150903 workaround for AIX DNSSEC used the
	wrong name in #ifdef. File: dns/dns.h.
Boris Mühmer's avatar
Boris Mühmer committed
20151011
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: in the PCRE client, turn fatal lookup errors into
	warnings, and skip the failing pattern as in dict_regexp.c.
	Also, fixed the error text when running into the matcher's
	backtracking limit. File: util/dict_pcre.c.
Boris Mühmer's avatar
Boris Mühmer committed
20151017
Boris Mühmer's avatar
Boris Mühmer committed
	Feature: smtpd_client_auth_rate_limit enforces a rate
	limit on the number of AUTH commands per client IP address.
	mantools/postlink, proto/postconf.proto, anvil/anvil.c,
	global/anvil_clnt.c, global/anvil_clnt.h, global/mail_params.h,
	smtpd/smtpd.c.