Newer
Older
util/timed_write.c, util/unix_connect.c, util/unix_listen.c,
util/unix_recv_fd.c, util/unix_send_fd.c, util/unix_trigger.c,
util/vbuf.c, util/vbuf.h, util/vstream.c, util/vstream_tweak.c,
util/vstring.c, util/watchdog.c, verify/verify.c,
xsasl/xsasl_cyrus_client.c, xsasl/xsasl_cyrus_server.c,
xsasl/xsasl_dovecot_server.c.
Cleanup: removed unnecessary casts. File: global/cfg_parser.c.
Cleanup: dont cast away "const". File: global/dict_sqlite.c.
Bugfix (introduced: 20141207): in new #ifdef, && should be
||. File: smtpd.c.
Cleanup: the "inline" table now supports case-insensitive
search, and an iterator. File: util/dict_inline.c.
Cleanup: minuscule memory leaks in graceful degradation
after lookup table open error. Files: util/dict_inline.c,
util/dict_static.c.
Cleanup: memory leaks in unit-test driver programs (i.e.
code used only during development). Files:
cleanup/cleanup_milter.c, util/base64_code.c.
Bugfix (introduced 20141001): mac_expand() error message
with "??" due to dangling pointer. File: util/mac_expand.c.
Portability: unit-test driver programs. Files: util/myaddrinfo.c,
util/myaddrinfo.ref.
Portability: Clang support. Files: makedefs, util/sys_defs.h.
Portability: FreeBSD 10 support. Files: makedefs,
util/sys_defs.h.
Cleanup: in makedefs, the CC and WARN features are now
independent. File: makedefs.
Shut up some Clang format-string nags: util/events.c.
Cleanup: eliminated unnecessary 64->32bit (and back)
conversions on LP64 platforms. Files: util/htable.c,
util/binhash.c util/mvect.[hc], util/name_mask.c,
util/sane_time.c, util/unix_listen.c, util/unix_connect.c,
util/stringops.h, util/trimblanks.c, and dependent code in
smtpd/smtpd_token.c.
Cleanup: unused inet_proto_init() results. Files:
global/mail_params.c, postconf/postconf_builtin.c,
smtpstone/qmqp-sink.c, smtpstone/qmqp-source.c,
smtpstone/smtp-source.c/
Shut up some Clang nags about unused functions in network
interface API selection. File: util/inet_addr_local.c.
Portability: a historical compiler lacks printf-like
format-string checks for function pointers. Files: util/msg.h,
bounce/bounce_template.h.
21067
21068
21069
21070
21071
21072
21073
21074
21075
21076
21077
21078
21079
21080
21081
21082
21083
21084
21085
21086
21087
21088
21089
21090
21091
21092
21093
21094
21095
21096
21097
21098
21099
21100
21101
21102
21103
21104
21105
21106
21107
21108
21109
21110
21111
21112
21113
21114
21115
21116
21117
21118
21119
21120
21121
21122
21123
21124
21125
21126
21127
21128
21129
21130
21131
21132
21133
21134
21135
21136
21137
21138
21139
21140
21141
21142
21143
21144
21145
21146
21147
21148
21149
21150
21151
21152
21153
21154
21155
21156
21157
21158
21159
21160
21161
21162
21163
21164
21165
21166
21167
21168
21169
21170
21171
21172
21173
21174
21175
21176
21177
21178
21179
21180
21181
21182
21183
21184
21185
21186
21187
21188
21189
21190
21191
21192
21193
21194
21195
21196
21197
21198
21199
21200
21201
21202
21203
21204
21205
21206
21207
21208
21209
21210
21211
21212
21213
21214
21215
21216
21217
21218
21219
21220
21221
21222
21223
21224
21225
21226
21227
21228
21229
21230
21231
21232
21233
21234
21235
21236
21237
21238
21239
21240
21241
21242
21243
21244
21245
21246
21247
21248
21249
21250
21251
21252
21253
21254
21255
21256
21257
21258
21259
21260
21261
21262
21263
21264
21265
21266
21267
21268
21269
21270
21271
21272
21273
21274
21275
21276
21277
21278
21279
21280
21281
21282
21283
21284
21285
21286
21287
21288
21289
21290
21291
21292
21293
21294
21295
21296
21297
21298
21299
21300
21301
21302
21303
21304
21305
21306
21307
21308
21309
21310
21311
21312
21313
21314
21315
21316
21317
21318
21319
21320
21321
21322
21323
21324
21325
21326
21327
21328
21329
21330
21331
21332
21333
21334
21335
21336
21337
21338
21339
21340
21341
21342
21343
21344
21345
21346
21347
21348
21349
21350
21351
21352
21353
21354
21355
21356
21357
21358
21359
21360
21361
21362
21363
21364
21365
21366
21367
21368
21369
21370
21371
21372
21373
21374
21375
21376
21377
21378
21379
21380
21381
21382
21383
21384
21385
21386
21387
21388
21389
21390
21391
21392
21393
21394
21395
21396
21397
21398
21399
21400
21401
21402
21403
21404
21405
21406
21407
21408
21409
21410
21411
21412
21413
21414
21415
21416
21417
21418
21419
21420
21421
21422
21423
21424
21425
21426
21427
21428
21429
21430
21431
21432
21433
21434
21435
21436
21437
21438
21439
21440
21441
21442
21443
21444
21445
21446
21447
21448
21449
21450
21451
21452
21453
21454
21455
20141212
Shut up some Clang format-string nags: util/line_number.c,
sendmail/sendmail.c, smtpd/smtpd_proxy.c, smtp/smtp_sasl_proto.c.
Cleanup: eliminated unnecessary 64->32bit (and back)
conversions on LP64 platforms. Files: dict_memcache.c,
header_body_checks.[hc], log_adhoc.c, pipe_command.c,
record.[hc], smtp_reply_footer.c, split_addr.c.
cleanup/cleanup_milter.c, master/mail_server.h,
src/master/trigger_server.c, oqmgr/qmgr.c, qmgr/qmgr.c,
pickup/pickup.c.
Cleanup: nullmx SMTP reply codes 550 and 556, and enhanced
status codes X.1.10 and X.7.27. The nullmx SMTP reply codes
are no longer configurable. Files: global/mail_params.h,
smtpd/smtpd.c, smtpd/smtpd_check.c.
Portability: default table owner UID for testing. Files:
util/dict_alloc.c, util/dict_open.c.
Shut up Clang unused assignment nag: global/mail_queue.h.
sendmail/sendmail.c, smtpd/smtpd_proxy.c, smtp/smtp_sasl_proto.c.
20141214
Bugfix (introduced: 20141212): typo in Clang function pointer
format check, making it a noop. Viktor Dukhovni. File:
util/sys_defs.h.
Maintainability: compile-time argument typechecking for
variadic attribute-value read/write functions. Files:
anvil/anvil.c, bounce/bounce.c, cleanup/cleanup.c,
dnsblog/dnsblog.c, flush/flush.c, global/abounce.c,
global/anvil_clnt.c, global/bounce.c, global/defer.c,
global/deliver_pass.c, global/deliver_request.c,
global/dict_proxy.c, global/dsb_scan.c, global/dsn_print.c,
global/flush_clnt.c, global/mail_command_client.c,
global/mail_stream.c, global/msg_stats_print.c,
global/msg_stats_scan.c, global/post_mail.c, global/rcpt_buf.c,
global/rcpt_print.c, global/resolve_clnt.c, global/rewrite_clnt.c,
global/scache_clnt.c, global/trace.c, global/verify_clnt.c,
local/forward.c, milter/milter.c, milter/milter8.c,
milter/milter_macros.c, oqmgr/qmgr_deliver.c, pickup/pickup.c,
postdrop/postdrop.c, postscreen/postscreen_dnsbl.c,
postscreen/postscreen_send.c, postscreen/postscreen_starttls.c,
proxymap/proxymap.c, qmgr/qmgr_deliver.c, qmqpd/qmqpd.c,
scache/scache.c, smtpd/smtpd.c, smtpd/smtpd_check.c,
tls/tls_mgr.c, tls/tls_proxy_clnt.c, tls/tls_proxy_print.c,
tls/tls_proxy_scan.c, tlsmgr/tlsmgr.c, tlsproxy/tlsproxy.c,
trivial-rewrite/resolve.c, trivial-rewrite/rewrite.c,
trivial-rewrite/trivial-rewrite.c, util/attr.h.
20141217
Replaced compile-time argument typechecking based on inline
functions with an implementation based on ternary expressions
with unreachable assignments to dummy variables. This
should produce the exact same result as the approach based
on inline functions (which were standardized with C99).
Files: util/check_arg.h, util/attr.h, util/attr.c.
20141221
Portability: proof-of-concept template for OpenBSD build
with shared libpostfix etc. libraries. File: makedefs.
20141223
Cleanup: compile-time variadic argument type checking for
attribute-value APIs of vstream, vstream_popen, vstring,
pipe_command, spawn_command, attr_override, and mail_server
skeletons. Based on mostly automatic conversion and checking,
with a manual inspection of the remainder. Files:
anvil/anvil.c, bounce/bounce.c, cleanup/cleanup.c,
cleanup/cleanup_api.c, discard/discard.c, dnsblog/dnsblog.c,
error/error.c, flush/flush.c, global/attr_override.c,
global/attr_override.h, global/mail_connect.c, global/mail_queue.c,
global/mail_stream.c, global/mail_stream.h, global/pipe_command.c,
global/pipe_command.h, global/smtp_stream.c, global/timed_ipc.c,
local/command.c, local/local.c, master/event_server.c,
master/mail_server.h, master/multi_server.c,
master/single_server.c, milter/milter.c, milter/milter8.c,
oqmgr/qmgr.c, oqmgr/qmgr_transport.c, pickup/pickup.c,
pipe/pipe.c, postalias/postalias.c, postcat/postcat.c,
postdrop/postdrop.c, postmap/postmap.c, postscreen/postscreen.c,
postscreen/postscreen_dnsbl.c, postscreen/postscreen_haproxy.c,
postscreen/postscreen_starttls.c, posttls-finger/posttls-finger.c,
proxymap/proxymap.c, qmgr/qmgr.c, qmgr/qmgr_transport.c,
qmqpd/qmqpd.c, scache/scache.c, showq/showq.c, smtp/smtp.c,
smtpd/smtpd.c, smtpd/smtpd_check.c, smtpd/smtpd_proxy.c,
smtpstone/smtp-source.c, spawn/spawn.c, tls/tls_proxy_clnt.c,
tls/tls_stream.c, tlsmgr/tlsmgr.c, tlsproxy/tlsproxy.c,
trivial-rewrite/trivial-rewrite.c, util/auto_clnt.c,
util/ctable.c, util/dict_cache.c, util/dict_cache.h,
util/dict_lmdb.c, util/dict_tcp.c, util/netstring.c,
util/recv_pass_attr.c, util/slmdb.c, util/slmdb.h,
util/spawn_command.c, util/spawn_command.h, util/vstream.c,
util/vstream.h, util/vstream_popen.c, util/vstream_tweak.c,
util/vstring.c, util/vstring.h, verify/verify.c,
virtual/virtual.c, xsasl/xsasl_dovecot_server.c.
20141224
Cleanup: the compile-time argument typechecks for attribute-value
APIs are now by default implemented with inline functions.
Compile with -DNO_INLINE to implement the argument typechecks
with ternary operators and unreachable assignments. Files:
util/check_arg.h and its consumers.
20141226
NetBSD6/7 dynamic linking support. Viktor Dukhovni.
Cleanup: instead of making up new names, use a consistent
CA_ prefix for macros that implement compile-time argument
typechecks for non-protocol attribute-value APIs. This
transformation and its verification are mechanical.
Bugfix (introduced: Postfix 1.1, but latent before 3.0):
"postfix-install: daemon_directory: not found" error with
an ancient Solaris shell. Fixed by ALSO resetting IFS after
the end of a ``while IFS=foo command'' loop; counter to
expectation, the IFS reset in the loop body executed in a
child process. Background: some shells implement "IFS=foo
command" as a permanent IFS change; this was allowed by
standards at some point in time. File: postfix-install.
20141227
Feature: smtp_address_verify_target (default: rcpt) that
determines what protocol stage decides if a recipient is
valid. Specify "data" for servers that reject recipients
after the DATA command. Files: mantools/postlink,
proto/postconf.proto, proto/ADDRESS_VERIFICATION_README.html,
global/mail_params.h, smtp/lmtp_params.c, smtp/smtp.c,
smtp/smtp.h, smtp/smtp_params.c, smtp/smtp_proto.c.
20141228
Cleanup: the IDNA conversion routines now accept both ASCII
and UTF8 inputs. The functions als verify that either their
result is a valid ASCII domain name or that it converts
into a valid ASCII domain name. Files: util/midna.c,
util/midna_test.in, util/midna_test.ref.
20141230
Cleanup: s/midna/midna_domain/ for better specificity,
because we also need functions that act only on the domain
portion of an email address. Files: bounce/bounce_template.c,
global/midna_adomain.c, posttls-finger/posttls-finger.c,
smtp/smtp_addr.c, smtpd/smtpd_check.c, tls/tls_client.c,
util/midna_domain.[hc], util/valid_utf8_hostname.c.
Infrastructure: function midna_adomain_to_utf8() (and
midna_adomain_to_ascii) to convert the domain portion of
an email address before table lookup. Files:
global/midna_adomain.[hc].
20141230-20140109
What is described here is the result of four iterations to
deal with malformed UTF-8 without massively contaminating
every Postfix program with new error-handling code paths,
in particular without triggering fatal errors that didn't
happen before.
Infrastructure: function casefold() to support caseless
string comparison, primarily for table lookups. This function
supports two modes: case folding a la lowercase() for ASCII
byte values, and UTF-8 case folding. As recommended at
http://www.w3.org/International/wiki/Case_folding for
caseless string comparison, this uses the en_US locale to
avoid surprises. The implementatin handles the entire RFC
3629 Unicode range (code points U+0000..U+10FFFF including
surrogates) and is chroot(2) safe. Files: casefold.c,
stringops.h.
Infrastructure: revised the midna_domain_to_ascii and
midna_domain_to_utf8 domain name conversion functions after
careful reading of the UTS #46 specification, and after
observing that ICU 4.8 library functions indeed implement
this spec, at least with default options. In particular,
midna_domain_to_utf8 takes an UTF-8 domain name and verifies
that its A-label form will pass the valid_hostname() test.
File: util/midna_domain.c.
Infrastructure: handle UTF-8 errors in lookup table keys
or values without massively contaminating every Postfix
program with new error-handling code paths, in particular
without triggering fatal errors that didn't happen before.
The lookup/update/delete functions log a warning and ignore
a request with a bad key (it cannot exist); the update
functions ignore a request to store a bad value (it cannot
exist); and the lookup function reports a bad value as a
configuration error (it should not exist, but there it is).
Table iterators still report all (key, value) pairs in a
table. Files: util/dict.h, util/dict_open.c, util/dict_utf8.c,
global/mkmap_open.c.
Note that with SMTPUTF8 turned on, each table-driven mechanism
(access, aliases, etc.) needs to make its own decision
whether UTF-8 syntax is required. We cannot blindly require
that everything has valid UTF-8 syntax. That would make
header/body_checks useless for content inspection, because
headers may be malformed and bodies may contain legitimate
binary content that isn't UTF-8.
Note that with SMTPUTF8 turned off, Postfix must remain
8-bit clean as it always has been. Table operations must
not complain that something violates UTF-8 syntax rules.
UTF-8 sanitization in the Postfix SMTP server. With
smtputf8_enable=yes, SMTP commands with UTF-8 syntax errors
are rejected, table lookup results with invalid UTF-8 syntax
are handled as configuration errors, and UTF-8 syntax errors
in policy server replies result in execution of the policy
server's default action.
20150102
Cleanup: propagate DICT_ERR_CONFIG through the proxymap
protocol. Files: global/dict_proxy.[hc], proxymap/proxymap.c.
20150106
Robustness: don't segfault due to excessive recursion in
tok822_free_tree() after a faulty configuration runs into
the virtual_alias_recursion_limit. File: global/tok822_tree.c.
20150109
Cleanup: the dict debug module now proxies dict flags.
File: util/dict_debug.c.
With "smtputf8_enable = yes", the postmap and postalias
commands now enable UTF-8 by default (use "-u" to disable)
with one exception: UTF-8 remains disabled for header/body_checks
emulation (use "-U" to enable). Files: postmap/postmap.c,
postalias/postalias.c.
20150110
Cleanup: the "inline" and "texthash" implementations now
reuse the "internal" database instead of reinventing the
wheel. Files: util/dict_inline.c, util/dict_thash.c.
As a first step, with "smtputf8_enable = yes" all features
based on Postfix matchlists enable UTF-8 syntax checks and
UTF-8 casefolding for table patterns, but NOT YET for string
patterns. The list of features includes authorized_flush_users,
authorized_mailq_users, authorized_submit_users, debug_peer_list,
fast_flush_domains, mydestination, permit_mx_backup_networks,
qmqpd_authorized_clients, smtp_connection_cache_destinations,
smtpd_authorized_verp_clients, smtpd_authorized_xclient_hosts,
smtpd_authorized_xforward_hosts,
smtpd_client_event_limit_exceptions,
smtpd_log_access_permit_actions, smtpd_sasl_exceptions_networks,
the "domains" feature in ldap_table(5), memcache_table(5)
mysql_table(5), pgsql_table(5) and sqlite_table(5),
virtual_alias_domains, virtual_mailbox_domains.
20150111
Cleanup: simplified the interposition layer that adds UTF-8
support to Postfix lookup tables. Files: util/dict_utf8.c.
With "smtputf8_enable = yes", Enable UTF-8 syntax checks
and UTF-8 casefolding for SMTP server access maps, alias_maps,
canonical_maps, fallback_transport_maps,
lmtp_tls_session_cache_database, local_recipient_maps,
mailbox_command_maps, mailbox_transport_maps, rbl_reply_maps,
recipient_bcc_maps, recipient_canonical_maps, relay_recipient_maps,
relocated_maps, sender_bcc_maps, sender_canonical_maps,
sender_dependent_relayhost_maps, sender_dependent_transport_maps,
smtp_generic_maps, smtp_sasl_auth_cache_name,
smtp_sasl_password_maps, smtp_tls_per_site, smtp_tls_policy_maps,
smtp_tls_session_cache_database, smtpd_sender_login_maps,
smtpd_tls_session_cache_database, transport_maps,
virtual_alias_maps, virtual_gid_maps, virtual_mailbox_maps,
virtual_uid_maps.
20150112
Infrastructure: support for UTF-8 casefolding in match_lists.
Instead of using strcasecmp(), casefold all fixed-string
patterns during initialization, casefold a search string
at the beginning of the search, and use strcmp() for
comparison. Files: util/casefold.c util/dict.h, util/dict_utf8.c,
util/match_list.c, util/match_list.h, util/match_ops.c,
util/stringops.h, global/addr_match_list.c, global/domain_list.c,
global/namadr_list.c, global/string_list.c.
20150113
Cleanup: show the configuration parameter name in error
messages while parsing or searching match_list-based features
such as mydestination, relay_domains and a few dozen more.
Files: cleanup/cleanup_init.c, flush/flush.c,
global/addr_match_list.c, global/debug_peer.c,
global/domain_list.c, global/flush_clnt.c,
global/match_parent_style.c, global/namadr_list.c,
global/resolve_local.c, global/string_list.c, global/user_acl.[hc],
postdrop/postdrop.c, postqueue/postqueue.c,
postscreen/postscreen.c, qmqpd/qmqpd.c, sendmail/sendmail.c.,
smtp/smtp.c, smtp/smtp_sasl_glue.c, smtpd/smtpd.c,
smtpd/smtpd_check.c, trivial-rewrite/resolve.c,
util/match_list.[hc], util/match_ops.c.
Cleanup: apply printable() to all bounce(8) service
string-valued protocol fields. File: bounce/bounce.c.
Apparenly the UCI 4.8 ucasemap_utf8FoldCase() function does
not complain about UTF-8 syntax errors, so we add our own
redundant check. File: util/casefold.c.
20150115
Bitrot: prepare for future changes in OpenSSL. Viktor
Dukhovni. Files: tls/tls.h, tls/tls_dh.c, tls/tls_misc.c,
tls/tls_rsa.c, tls/tls_server.c.
Documentation: "avoid hash files here, use btree or lmdb
instead". File: proto/ADDRESS_VERIFICATION_README.html.
Safety: virtual_alias_address_length_limit (default: 1000)
to stop aliasing loops that exponentially increase the
address length with each iteration. Files: global/mail_params.h,
mantools/postlink, proto/postconf.proto, cleanup/cleanup.c,
cleanup/cleanup_init.c, cleanup/cleanup_map1n.c.
20150116
TLS wrappermode in the Postfix smtp(8) client. This introduces
a new parameter "smtp_tls_wrappermode" (default: no). Files:
global/mail_params.h, mantools/postlink, proto/postconf.proto,
smtp/lmtp_params.c, smtp/smtp.[hc], smtp/smtp_connect.c,
smtp/smtp_params.c, smtp/smtp_proto.c.
TLS wrappermode in posttls-finger(1), and some DANE-related
cleanups. This introduces a new option "-w". Viktor Dukhovni.
Files: posttls-finger/posttls-finger.c, smtp/smtp_tls_policy.c,
tls/tls.h, tls/tls_client.c, tls/tls_fprint.c.
20150117
Cleanup: missing " in \%s\" in postscreen(8) fatal error
messages. Iain Hibbert. File: postconf/postconf_master.c.
20150118
Bugfix (introduced: 20140731): when a connection timed out
before any command was received, the Postfix SMTP server
"disconnect from" logging would show the content of the
last SMTP server response (421 4.4.2 $myhostname error:
timeout exceeded) instead of per-command statistics, because
there were no statistics to report. The Postfix SMTP server
now always logs the total number of commands (commands=x/y)
even when the client did not send any. This helps logfile
analyzers to recognize sessions without commands. File:
smtpd/smtpd.c.
20150120
Bugfix (introduced: 20141230-20140109): do not reallocate
a dictionary handle after it is initialized. This breaks
CDB. Problem reported by Andreas Schulze. Files: util/dict.h,
util/dict_alloc.c, util/dict_utf8.c.
Cleanup: simplified the dict_utf8 wrapper implementation.
Files: util/dict.h, util/dict_alloc.c, util/dict_utf8.c.
20150121
Cleanup: undo changes in check_mumble_access() that replaced
error handling with longjmp() calls. This could introduce
memory leaks in check_mumble_access() callers. Files:
smtpd/smtpd_check.c, smtpd/smtpd_error.ref.
20150122
Cleanup: miscellaneous cruft, typos, comments, error messages.
proto/COMPATIBILITY_README.html, global/addr_match_list.c,
global/domain_list.c, global/namadr_list.c, global/string_list.c,
global/user_acl.c, postalias/postalias.c, postmap/postmap.c,
tls/tls_client.c, util/dict_alloc.c, util/dict_open.c,
util/match_list.c.
Workaround: nroff has been improved so that "-" comes out as
some non-ASCII character, unlike HTML where it comes out
as itself. Andreas Schulze. This requires jumping a few
hops to generate HTML and nroff input from the same source
text. Files; mantools/srctoman, mantools/postconf2man.
Cleanup: UTF-8 support in masquerade_domains. File:
cleanup/cleanup_masquerade.c.
21468
21469
21470
21471
21472
21473
21474
21475
21476
21477
21478
21479
21480
21481
21482
21483
21484
21485
21486
21487
21488
21489
21490
21491
21492
21493
21494
21495
21496
21497
21498
21499
21500
21501
21502
Cleanup: simplified the casefold() API: no input-dependent
failure modes. Files: cleanup/cleanup_masquerade.c,
util/casefold.c, util/dict_utf8.c, util/match_list.c,
util/strcasecmp_utf8.c, util/stringops.h.
Cleanup: replaced str*casecmp() calls with UTF8-enabled
versions. Files: bounce/bounce.c, bounce/bounce_append_service.c,
bounce/bounce_notify_service.c, bounce/bounce_notify_verp.c,
bounce/bounce_one_service.c, bounce/bounce_trace_service.c,
bounce/bounce_warn_service.c, cleanup/cleanup_addr.c,
cleanup/cleanup_map11.c, cleanup/cleanup_map1n.c,
global/log_adhoc.c, global/mail_addr_find.c, global/mail_params.c,
global/split_addr.c, global/verify.c, global/verify_sender_addr.c,
local/alias.c, local/recipient.c, oqmgr/qmgr_message.c,
qmgr/qmgr_message.c, smtp/smtp_tls_policy.c, smtpd/smtpd_check.c,
smtpd/smtpd_milter.c, trivial-rewrite/resolve.c,
util/strcasecmp_utf8.c, util/stringops.h.
20150126
Portability: added missing #ifdef STRCASECMP_IN_STRINGS_H
for platforms that require it. Files: dns/dns_rr_filter.c,
milter/milter8.c, posttls-finger/posttls-finger.c,
tls/tls_dane.c, tlsproxy/tlsproxy.c, util/dict_test.c.
Cleanup: replaced lowercase() calls with UTF-8-enabled
versions. Files: flush/flush.c, global/been_here.c,
global/delivered_hdr.c, global/fold_addr.c, global/fold_addr.h,
local/forward.c, local/recipient.c, pipe/pipe.c,
smtpd/smtpd_resolve.c, util/casefold.c, util/stringops.h,
virtual/recipient.c.
20150127
Cleanup: simplified the 20150125 and 20150126 APIs, replacing
21504
21505
21506
21507
21508
21509
21510
21511
21512
21513
21514
21515
21516
21517
21518
21519
21520
21521
21522
21523
21524
21525
21526
21527
21528
21529
21530
21531
21532
21533
21534
21535
21536
21537
21538
21539
21540
21541
21542
21543
21544
21545
21546
21547
21548
21549
21550
21551
21552
21553
21554
21555
21556
21557
21558
21559
21560
21561
21562
21563
21564
21565
21566
21567
21568
21569
21570
21571
21572
21573
21574
21575
21576
21577
21578
the most-common use cases with convenience macros that have
fewer arguments. Files: anything that implements or invokes
casefold*() or str*casecmp().
Documentation: missing words and typos. Matthew Selsky. Files:
proto/SMTPUTF8_README.html, util/dict_open.c, util/vstream.c.
20150128
Bugfix: the ICU casemapping API can report success, while
producing output that is not null-terminated. But we can
deal with that. File: util/casefold.c.
Cleanup: unnecessary buffers. File: util/strcasecmp_utf8.c.
Cleanup: whitespace in source-code documentation has gotten
damaged through the years. Files: util/iostuff.h,
util/msg_vstream.h, util/msg_syslog.h, util/msg_output.h,
util/msg.h, util/inet_proto.c, trivial-rewrite/trivial-rewrite.c,
tls/tls.h, postconf/postconf.c, master/multi_server.c,
master/event_server.c, global/memcache_proto.h,
global/dict_mysql.c, global/dict_ldap.c, discard/discard.c,
error/error.c, global/dict_proxy.c, global/mail_conf_int.c,
global/match_parent_style.c, global/scache.c, global/scache.h,
qmgr/qmgr_entry.c, qmgr/qmgr_peer.c, smtp/smtp_rcpt.c,
smtpd/smtpd_peer.c, tls/tls_mgr.c, util/attr_scan0.c,
util/dict_tcp.c, util/hex_code.c, util/valid_hostname.c.
Cleanup: typos. Files: proto/socketmap_table, proto/mysql_table,
global/dict_mysql.c, proto/lmdb_table, smtpstone/smtp-sink.c,
posttls-finger/posttls-finger.c.
Bugfix: restart the Postfix SMTP server SASL client after
XCLIENT may have changed the client IP address. Matthew
Via. File: smtpd/smtpd.c.
20150129
More whitespace in source-code comment regressions. Viktor
(mostly) and Wietse. smtpd/smtpd_proxy.c, util/format_tv.c,
util/line_wrap.c, util/slmdb.c, qmgr/qmgr_peer.c,
smtp/smtp_rcpt.c, smtpd/smtpd_peer.c, tls/tls_mgr.c,
trivial-rewrite/trivial-rewrite.c, util/attr_scan0.c,
util/dict_tcp.c, util/hex_code.c, util/valid_hostname.c,
discard/discard.c, error/error.c, global/dict_proxy.c,
global/mail_conf_int.c, global/match_parent_style.c,
global/scache.c, qmgr/qmgr_entry.c, global/dict_ldap.c,
global/dict_mysql.c, posttls-finger/posttls-finger.c,
smtp/smtp.c, tls/tls_certkey.c.
Cleanup: avoid hidden buffer allocation in casefold().
Files: local/forward.c, local/recipient.c, virtual/recipient.c.
Cleanup: HTML validator errors. Files: proto/postconf.proto,
proto/TLS_README.html, proto/MILTER_README.html.
Great rename from 2.12 to 3.0. Lots of files, 99% mechanical.
Cleanup: HTML entities in *roff manpage source. File:
mantools/fixman, proto/postconf.proto, smtpd/smtpd.c,
trivial-rewrite/trivial-rewrite.c.
20150201
Usability: in error messages, print the CAfile and CApath
value in double quotes, to clue in people who specify quoted
pathnames in main.cf. Viktor Dukhovni. Files: tls/tls_certkey.c
and testing code in posttls-finger/posttls-finger.c.
20150202
Cleanup: make posttls-finger -k/-K documentation consistent
with behavior. File: posttls-finger/posttls-finger.c.
20150203
Cleanup: API minimization, by making some functions static.
Files: util/dict.h, util/dict_utf8.c.
Preliminary feature: support for building position-independent
executables (PIE), tested on Fedora Core 20, Ubuntu 14.04,
FreeBSD 9 and 10, and NetBSD 6. See INSTALL section 4.3 for
details and limitations. Files: makedefs, proto/INSTALL.html,
RELEASE_NOTES-3.0.
Cleanup: after many years, the access(5) map BCC action is
part of the stable release. Files: smtpd/smtpd_check.c,
proto/acces.
21596
21597
21598
21599
21600
21601
21602
21603
21604
21605
21606
21607
21608
21609
21610
21611
21612
21613
21614
21615
21616
21617
21618
21619
21620
21621
21622
21623
21624
21625
21626
21627
21628
21629
21630
21631
21632
21633
21634
21635
21636
21637
21638
21639
21640
21641
21642
21643
21644
21645
21646
21647
20150211
Cleanup: strncasecmp_utf8() streamlining. Files: util/stringops.h,
util/allascii.c, util/strcasecmp_utf8.c.
20150214
Bugfix (introduced: Postfix 3.0): missing #ifdef USE_TLS
inside #ifdef USE_SASL_AUTH. Viktor Dukhovni. File:
smtpd/smtpd.c.
20150217
Cleanup: missing <string.h> include. File: util/allascii.c.
20150221
Bugfix (introduced: Postfix 3.0): don't append '.' to the
DNS resource record value, when converting TXT records to
the string form that is used used by xxx_dns_reply_filter.
File: dns/dns_strrecord.c.
20150313
Documentation: incorrect Postfix version number for
postscreen_dnsbl_timeout. Quanah Gibson-Mount. File:
postscreen/postscreen.c.
20150324
Bugfix (introduced: Postfix 2.6): sender_dependent_relayhost_maps
ignored the relayhost setting in the case of a DUNNO lookup
result. It would use the recipient domain instead. Viktor
Dukhovni. Wietse took the pieces of code that enforce the
precedence of a sender-dependent relayhost, the global
relayhost, and the recipient domain, and put that code
together in once place so that it is easier to maintain.
File: trivial-rewrite/resolve.c.
20150328
Bugfix (introduced: Postfix 1.1.0): post-install expanded
macros in parameter values when trying to detect parameter
overrides, causing unnecessary main.cf updates during Postfix
start-up. Julian Reich, Viktor Dukhovni, and Wietse. File:
conf/post-install.
20150330
Bitrot: prepare for future changes in OpenSSL API. Viktor
Dukhovni. File: tls_dane.c.
21648
21649
21650
21651
21652
21653
21654
21655
21656
21657
21658
21659
21660
21661
21662
21663
21664
21665
21666
21667
20150501
Support for Linux 4.*, and some simplification for future
makedefs files. Files: makedefs, util/sys_defs.h.
20150718
Security: opportunistic TLS by default uses "medium" or
stronger ciphers instead of "export" or stronger. See the
RELEASE_NOTES file for how to get the old settings back.
Files: global/mail_params.h, proto/TLS_README.html,
proto/postconf.proto, and files derived from those.
20150719
Security: Postfix TLS support by default no longer uses
SSLv2 or SSLv3. See the RELEASE_NOTES file for how to get
the old settings back. Files: global/mail_params.h,
proto/postconf.proto, and files derived from those.
21668
21669
21670
21671
21672
21673
21674
21675
21676
21677
21678
21679
21680
21681
21682
21683
21684
21685
21686
21687
21688
21689
21690
21691
21692
21693
21694
21695
21696
21697
21698
21699
21700
21701
21702
21703
21704
21705
21706
21707
21708
21709
21710
21711
21712
21713
21714
21715
21716
21717
21718
21719
21720
21721
21722
21723
21724
21725
21726
21727
21728
21729
20150722
The COMPATIBILITY_README text and HTML files were not
installed. File: conf/postfix-files.
20150903
Workaround: disable DNSSEC support for AIX 7x and earlier.
The AIX 6/7 resolver(5) API defines RES_USE_DNSSEC without
defining the "ad" bit. Viktor Dukhovni. Files: makedefs,
proto/INSTALL.html, dns/dns.h.
20150923
Bugfix (introduced: 20120531-617): the Postfix SMTP server
used a larger-than-1 VSTREAM buffer to read the HAProxy
connection hand-off information. This broke TLS wrappermode,
as the TLS helo packet would end up in the plaintext VSTREAM
buffer. Reported by Lukas Erlacher. File: smtpd/smtpd_haproxy.c.
20150924
Bugfix (introduced: 20090216-24): incorrect postmulti error
message. Reported by Patrik Koetter. Fix by Viktor Dukhovni.
File: postmulti/postmulti.c.
Workaround: don't create a new instance when the template
main.cf and master.cf files are missing, as happens on
Debian-like systems. Viktor Dukhovni. File: conf/postmulti-script.
20150925
Bugfix (introduced: 19970309, fixed 20150421 in development
release): reset errno before calling readdir(), in order
to distinguish between an end-of-directory and an error
condition. File: scandir.c.
20150930
Bugfix (introduced: 20040124): Milter client panic while
adding a header, because the PREPEND action used the same
output function for header_checks and body_checks. Viktor
Dukhovni and Wietse. File: cleanup/cleanup_message.c.
Bugfix (introduced: 20031128): xtext_unquote() did not
propagate error reports from xtext_unquote_append(), causing
the decoder to return partial ouput, instead of rejecting
malformed input. Fix by Krzysztof Wojta. File: global/xtext.c.
20151003
Bugfix (copied from xtext): uxtext_unquote() did not propagate
error reports from uxtext_unquote_append(), causing the
decoder to return partial output, instead of rejecting
malformed input. Found by searching the code for similar
error patterns as with xtext_unquote(). File: global/uxtext.c.
Bugfix (introduced: 20141130, fixed around 20150607 in
development release): the DNS multi-query clients forgot
to save and restore h_errno when evaluating the aggregate
result. File: dns/dns_lookup.c.
20151124
Bugfix (introduced: Postfix 3.0): don't throttle a destination
after opportunistic TLS failure. Viktor Dukhovni. File:
smtp/smtp_proto.c.
20160204
Documentation (introduced: Postfix 3.0): wrong parameter
name in lmtp_address_verify_target description. File:
21742
21743
21744
21745
21746
21747
21748
21749
21750
21751
21752
21753
21754
21755
21756
21757
21758
21759
21760
21761
21762
21763
20160310
Bugfix (introduced: Postfix 2.6): the Milter SMFIR_CHGFROM
(replace sender) request lost the sender_bcc_maps address.
Fixed by moving some record keeping to the sender output
function. Files: cleanup/cleanup_envelope.c,
cleanup/cleanup_addr.c, cleanup/cleanup_milter.c,
cleanup/cleanup.h, regression tests.
20160410
Bugfix (introduced: Postfix 2.6): the "bad filetype"
header_checks pattern falsely rejected Content-Mumble headers
with ``name="example"; x-apple-part-url="example.com"''.
Fixed by respecting the ";" separator between content
attribute values. Reported by Cedric Knight. File:
proto/header_checks.
20160515
Portability: OpenBSD 6.0. Files: makedefs, util/sys_defs.h.
21765
21766
21767
21768
21769
21770
21771
21772
21773
21774
21775
21776
21777
21778
21779
21780
21781
21782
21783
21784
21785
21786
21787
21788
21789
21790
20160618
Bugfix (introduced: 20091121): with the introduction of
sender_dependent_default_transport_maps, the SMTP daemon
was not updated. This resulted in false rejects with
sender-dependent "error" transports. Based on a fix by
Russell Yanofsky. Files: global/resolve_clnt.c,
global/resolve_clnt.h, smtpd/smtpd_check.c, smtpd/smtpd_check.h,
smtpd/smtpd_milter.c, smtpd/smtpd_resolve.c, smtpd/smtpd_resolve.h.
20160717
Bugfix (introduced: Postfix 1.1): the virtual(8) delivery
agent discarded the error result from vstream_fseek().
File: virtual/mailbox.c.
20160730
Bugfix (introduced: 20090614): with concurrent connections
from the same client IP address, and after-220 tests enabled,
postscreen could overwrite the cached "all tests completed"
result of one connection that completed the after-220 tests,
with the "some tests not completed" result of a concurrent
connection where the client hung up later, without completing
the after-220 tests.
20160819
Bugfix (introduced: Postfix 3.0): the makedefs script ignored
readme_directory=pathname overrides. Fix by Todd C. Olson.
File: makedefs.
20160821
Bugfix (introduced: Postfix 3.0): the tls_session_ticket_cipher
documentation says aes-256-cbc, but the implementation was
21801
21802
21803
21804
21805
21806
21807
21808
21809
21810
21811
21812
21813
21814
21815
21816
21817
21818
21819
21820
21821
21822
21823
21824
using aes-128-cbc (note that Postfix session ticket keys
are rotated after 1/2 hour, to limit the impact of attacks
on session ticket keys).
20160911
Bugfix (introduced: Postfix 3.0): the SMTP daemon did not
reset a previous session's command counts before rejecting
a client that exceeds request or concurrency rates. File:
smtpd/smtpd.c.
20160917
Bugfix (introduced: Postfix 3.0): the unionmap did not
propagate table lookup errors. Based on patch by Roel van
Meer. Files: util/dict_union.c, util/dict_union_test.*.
20160925
Workaround (problem introduced: Postfix 2.11): to avoid
false "not found" errors with MySQL map queries that contain
UTF8-encoded text, specify "option_group = client" in Postfix
MySQL configuration files. This will be the default setting
with Postfix 3.2 and later.
21825
21826
21827
21828
21829
21830
21831
21832
21833
21834
21835
21836
21837
21838
21839
21840
21841
21842
21843
21844
21845
20161105
Bugfix (introduced: Postfix 1.1): the postsuper command did
not count a successful rename operation after error recovery.
Problem reported by Markus Schönhaber. File: postsuper/postsuper.c.
20161206
Bugfix (introduced: Postfix 3.0): when receiving a MAIL
FROM...SMTPUTF8 command while smtpd_delay_reject=no, enable
SMTPUTF8 support before processing smtpd_sender_restrictions.
Problem reported by Viktor Dukhovni. File: smtpd/smtpd.c.
20161220
Bugfix (introduced: Postfix 2.1.0): the Postfix SMTP daemon
did not query sender_canonical_maps when rejecting unknown
senders with "smtpd_reject_unlisted_recipient = yes" or
with reject_unlisted_sender. Stephen R. van den Berg (Mr.
procmail). Files: smtpd/smtpd.c, smtpd/smtpd_check.c.
20170430
Safety net: append a null byte to vstring buffers, so that
C-style string operations won't scribble past the end. File:
vstring.c.
20170610
Workaround (introduced: Postfix 3.0 20140718): prevent MIME
downgrade of Postfix-generated message/delivery status.
It's supposed to be 7bit, therefore quoted-printable encoding
is not expected. Problem reported by Griff. File:
bounce/bounce_notify_util.c.
20170611
Security: Berkeley DB 2 and later try to read settings from
a file DB_CONFIG in the current directory. This undocumented
feature may introduce undisclosed vulnerabilities resulting
in privilege escalation with Postfix set-gid programs
(postdrop, postqueue) before they chdir to the Postfix queue
directory, and with the postmap and postalias commands
depending on whether the user's current directory is writable
by other users. This fix does not change Postfix behavior
for Berkeley DB < 3, but reduces file create performance
for Berkeley DB 3 .. 4.6. File: util/dict_db.c.