Mailinglist Archive: opensuse-commit (1903 mails)

< Previous Next >
commit postfix for openSUSE:Factory
Hello community,

here is the log from the commit of package postfix for openSUSE:Factory checked
in at 2019-04-04 12:01:04
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/postfix (Old)
and /work/SRC/openSUSE:Factory/.postfix.new.3908 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "postfix"

Thu Apr 4 12:01:04 2019 rev:168 rq:690296 version:3.4.5

Changes:
--------
--- /work/SRC/openSUSE:Factory/postfix/postfix.changes 2019-03-13
16:41:19.166686837 +0100
+++ /work/SRC/openSUSE:Factory/.postfix.new.3908/postfix.changes
2019-04-04 12:01:07.241300264 +0200
@@ -1,0 +2,83 @@
+Sun Mar 31 09:08:58 UTC 2019 - Michael Ströder <michael@xxxxxxxxxxxx>
+
+- Update to 3.4.5:
+ Bugfix (introduced: Postfix 3.0): LMTP connections over
+ UNIX-domain sockets were cached but not reused, due to a
+ cache lookup key mismatch. Therefore, idle cached connections
+ could exhaust LMTP server resources, resulting in two-second
+ pauses between email deliveries. This problem was investigated
+ by Juliana Rodrigueiro. File: smtp/smtp_connect.c.
+
+-------------------------------------------------------------------
+Mon Mar 18 09:56:11 UTC 2019 - Peter Varkoly <varkoly@xxxxxxxx>
+
+- Update to 3.4.4
+
+ o Incompatible changes
+ - The Postfix SMTP server announces CHUNKING (BDAT
+ command) by default. In the unlikely case that this breaks some
+ important remote SMTP client, disable the feature as follows:
+
+ /etc/postfix/main.cf:
+ # The logging alternative:
+ smtpd_discard_ehlo_keywords = chunking
+ # The non-logging alternative:
+ smtpd_discard_ehlo_keywords = chunking, silent_discard
+ - This introduces a new master.cf service 'postlog'
+ with type 'unix-dgram' that is used by the new postlogd(8) daemon.
+ Before backing out to an older Postfix version, edit the master.cf
+ file and remove the postlog entry.
+ - Postfix 3.4 drops support for OpenSSL 1.0.1
+ - To avoid performance loss under load, the
+ tlsproxy(8) daemon now requires a zero process limit in master.cf
+ (this setting is provided with the default master.cf file). By
+ default, a tlsproxy(8) process will retire after several hours.
+ - To set the tlsproxy process limit to zero:
+ postconf -F tlsproxy/unix/process_limit=0
+ postfix reload
+ o Major changes
+ - Postfix SMTP server support for RFC 3030 CHUNKING
+ (the BDAT command) without BINARYMIME, in both smtpd(8) and
+ postscreen(8). This has no effect on Milters, smtpd_mumble_restrictions,
+ and smtpd_proxy_filter. See BDAT_README for more.
+ - Support for logging to file or stdout, instead of using syslog.
+ - Logging to file solves a usability problem for MacOS, and
+ eliminates multiple problems with systemd-based systems.
+ - Logging to stdout is useful when Postfix runs in a container, as
+ it eliminates a syslogd dependency.
+ - Better handling of undocumented(!) Linux behavior
+ whether or not signals are delivered to a PID=1 process.
+ - Support for (key, list of filenames) in map source text.
+ Currently, this feature is used only by tls_server_sni_maps.
+ - Automatic retirement: dnsblog(8) and tlsproxy(8) process
+ will now voluntarily retire after after max_idle*max_use, or some
+ sane limit if either limit is disabled. Without this, a process
+ could stay busy for days or more.
+ - Postfix SMTP client support for multiple deliveries
+ per TLS-encrypted connection. This is primarily to improve mail
+ delivery performance for destinations that throttle clients when
+ they don't combine deliveries.
+ This feature is enabled with "smtp_tls_connection_reuse=yes" in
+ main.cf, or with "tls_connection_reuse=yes" in smtp_tls_policy_maps.
+ It supports all Postfix TLS security levels including dane and
+ dane-only.
+ - SNI support in the Postfix SMTP server, the
+ Postfix SMTP client, and in the tlsproxy(8) daemon (both server and
+ client roles). See the postconf(5) documentation for the new
+ tls_server_sni_maps and smtp_tls_servername parameters.
+ - Support for files that contain multiple (key, certificate, trust chain)
+ instances. This was required to implement
+ server-side SNI table lookups, but it also eliminates the need for
+ separate cert/key files for RSA, DSA, Elliptic Curve, and so on.
+ - Support for smtpd_reject_footer_maps (as well as the postscreen
+ variant postscreen_reject_footer_maps) for more informative reject
+ messages. This is indexed with the Postfix SMTP server response
+ text, and overrides the footer specified with smtpd_reject_footer.
+ One will want to use a pcre: or regexp: map with this.
+ o Bugfixes
+ - Andreas Schulze discovered that reject_multi_recipient_bounce
+ was producing false rejects with BDAT commands. This problem
+ already existed with Postfix 2.2 smtpd_end_of_data_restrictons.
+ Postfix 3.4.4 fixes both.
+
+-------------------------------------------------------------------

Old:
----
postfix-3.3.3.tar.gz

New:
----
postfix-3.4.5.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ postfix.spec ++++++
--- /var/tmp/diff_new_pack.hvXL7o/_old 2019-04-04 12:01:09.741302266 +0200
+++ /var/tmp/diff_new_pack.hvXL7o/_new 2019-04-04 12:01:09.761302283 +0200
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

-# Please submit bugfixes or comments via https://bugs.opensuse.org/
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


@@ -55,7 +55,7 @@
%bcond_with libnsl
%endif
Name: postfix
-Version: 3.3.3
+Version: 3.4.5
Release: 0
Summary: A fast, secure, and flexible mailer
License: IPL-1.0 OR EPL-2.0

++++++ postfix-3.3.3.tar.gz -> postfix-3.4.5.tar.gz ++++++
++++ 39714 lines of diff (skipped)

++++++ postfix-linux45.patch ++++++
--- /var/tmp/diff_new_pack.hvXL7o/_old 2019-04-04 12:01:10.997303273 +0200
+++ /var/tmp/diff_new_pack.hvXL7o/_new 2019-04-04 12:01:10.997303273 +0200
@@ -1,15 +1,13 @@
----
- makedefs | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- makedefs
-+++ makedefs
-@@ -546,7 +546,7 @@ EOF
+--- makedefs.orig 2019-03-11 13:54:48.176455533 +0100
++++ makedefs 2019-03-11 13:55:44.512455319 +0100
+@@ -557,8 +557,8 @@
: ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
: ${PLUGIN_LD="${CC-gcc} -shared"}
;;
-- Linux.[34].*) SYSTYPE=LINUX$RELEASE_MAJOR
-+ Linux.[3-9].*|Linux.[1-9][0-9].*) SYSTYPE=LINUX3
- case "$CCARGS" in
+- Linux.[345].*) SYSTYPE=LINUX$RELEASE_MAJOR
+- case "$CCARGS" in
++ Linux.[3-9].*|Linux.[1-9][0-9].*) SYSTYPE=LINUX3
++ case "$CCARGS" in
*-DNO_DB*) ;;
*-DHAS_DB*) ;;
+ *) if [ -f /usr/include/db.h ]

++++++ postfix-master.cf.patch ++++++
--- /var/tmp/diff_new_pack.hvXL7o/_old 2019-04-04 12:01:11.005303279 +0200
+++ /var/tmp/diff_new_pack.hvXL7o/_new 2019-04-04 12:01:11.005303279 +0200
@@ -1,8 +1,6 @@
-Index: conf/master.cf
-===================================================================
---- conf/master.cf.orig
-+++ conf/master.cf
-@@ -10,33 +10,39 @@
+--- conf/master.cf.orig 2019-03-11 13:45:38.792457629 +0100
++++ conf/master.cf 2019-03-11 13:50:08.312456601 +0100
+@@ -10,6 +10,11 @@
# (yes) (yes) (no) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
@@ -14,59 +12,18 @@
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
- #tlsproxy unix - - n - 0 tlsproxy
- #submission inet n - n - - smtpd
--# -o syslog_name=postfix/submission
--# -o smtpd_tls_security_level=encrypt
--# -o smtpd_sasl_auth_enable=yes
--# -o smtpd_tls_auth_only=yes
--# -o smtpd_reject_unlisted_recipient=no
--# -o smtpd_client_restrictions=$mua_client_restrictions
--# -o smtpd_helo_restrictions=$mua_helo_restrictions
--# -o smtpd_sender_restrictions=$mua_sender_restrictions
--# -o smtpd_recipient_restrictions=
--# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
--# -o milter_macro_daemon_name=ORIGINATING
-+# -o syslog_name=postfix/submission
-+# -o smtpd_tls_security_level=encrypt
-+# -o smtpd_sasl_auth_enable=yes
-+# -o smtpd_tls_auth_only=yes
-+# -o smtpd_reject_unlisted_recipient=no
-+# -o smtpd_client_restrictions=$mua_client_restrictions
-+# -o smtpd_helo_restrictions=$mua_helo_restrictions
-+# -o smtpd_sender_restrictions=$mua_sender_restrictions
-+# -o smtpd_recipient_restrictions=
-+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-+# -o milter_macro_daemon_name=ORIGINATING
+@@ -29,6 +34,7 @@
#smtps inet n - n - - smtpd
--# -o syslog_name=postfix/smtps
--# -o smtpd_tls_wrappermode=yes
--# -o smtpd_sasl_auth_enable=yes
--# -o smtpd_reject_unlisted_recipient=no
--# -o smtpd_client_restrictions=$mua_client_restrictions
--# -o smtpd_helo_restrictions=$mua_helo_restrictions
--# -o smtpd_sender_restrictions=$mua_sender_restrictions
--# -o smtpd_recipient_restrictions=
--# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
--# -o milter_macro_daemon_name=ORIGINATING
-+# -o syslog_name=postfix/smtps
-+# -o smtpd_tls_wrappermode=yes
-+# -o content_filter=smtp:[127.0.0.1]:10024
-+# -o smtpd_sasl_auth_enable=yes
-+# -o smtpd_reject_unlisted_recipient=no
-+# -o smtpd_client_restrictions=$mua_client_restrictions
-+# -o smtpd_helo_restrictions=$mua_helo_restrictions
-+# -o smtpd_sender_restrictions=$mua_sender_restrictions
-+# -o smtpd_recipient_restrictions=
-+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-+# -o milter_macro_daemon_name=ORIGINATING
- #628 inet n - n - - qmqpd
- pickup unix n - n 60 1 pickup
- cleanup unix n - n - 0 cleanup
-@@ -64,6 +70,27 @@ virtual unix - n n
- lmtp unix - - n - - lmtp
+ # -o syslog_name=postfix/smtps
+ # -o smtpd_tls_wrappermode=yes
++# -o content_filter=smtp:[127.0.0.1]:10024
+ # -o smtpd_sasl_auth_enable=yes
+ # -o smtpd_reject_unlisted_recipient=no
+ # -o smtpd_client_restrictions=$mua_client_restrictions
+@@ -65,6 +71,26 @@
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
+ postlog unix-dgram n - n - 1 postlogd
+#localhost:10025 inet n - n - - smtpd
+# -o content_filter=
+# -o smtpd_delay_reject=no
@@ -87,11 +44,10 @@
+# -o local_header_rewrite_clients=
+# -o local_recipient_maps=
+# -o relay_recipient_maps=
-+
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
-@@ -97,7 +124,7 @@ scache unix - - n
+@@ -98,7 +124,7 @@
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
@@ -100,7 +56,7 @@
#
# ====================================================================
#
-@@ -130,3 +157,10 @@ scache unix - - n
+@@ -131,3 +157,10 @@
#mailman unix - n n - - pipe
# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
# ${nexthop} ${user}

++++++ postfix-ssl-release-buffers.patch ++++++
--- /var/tmp/diff_new_pack.hvXL7o/_old 2019-04-04 12:01:11.025303295 +0200
+++ /var/tmp/diff_new_pack.hvXL7o/_new 2019-04-04 12:01:11.025303295 +0200
@@ -1,34 +1,27 @@
-Index: src/tls/tls_client.c
-===================================================================
---- src/tls/tls_client.c.orig
-+++ src/tls/tls_client.c
-@@ -363,6 +363,12 @@ TLS_APPL_STATE *tls_client_init(const TL
+--- src/tls/tls_client.c.orig 2019-03-11 14:24:34.492448719 +0100
++++ src/tls/tls_client.c 2019-03-11 14:27:42.824448001 +0100
+@@ -397,6 +397,11 @@
SSL_CTX_set_security_level(client_ctx, 0);
#endif

-+ /* Keep memory usage as low as possible */
-+
+#ifdef SSL_MODE_RELEASE_BUFFERS
++ /* Keep memory usage as low as possible */
+ SSL_CTX_set_mode(client_ctx, SSL_MODE_RELEASE_BUFFERS);
+#endif
+
/*
* See the verify callback in tls_verify.c
*/
-Index: src/tls/tls_server.c
-===================================================================
---- src/tls/tls_server.c.orig
-+++ src/tls/tls_server.c
-@@ -454,6 +454,12 @@ TLS_APPL_STATE *tls_server_init(const TL
- SSL_CTX_set_security_level(server_ctx, 0);
+--- src/tls/tls_server.c.orig 2019-03-11 14:26:04.700448375 +0100
++++ src/tls/tls_server.c 2019-03-11 14:27:49.184447977 +0100
+@@ -455,6 +455,10 @@
+ SSL_CTX_set_security_level(sni_ctx, 0);
#endif

-+ /* Keep memory usage as low as possible */
-+
+#ifdef SSL_MODE_RELEASE_BUFFERS
++ /* Keep memory usage as low as possible */
+ SSL_CTX_set_mode(server_ctx, SSL_MODE_RELEASE_BUFFERS);
+#endif
-+
/*
* See the verify callback in tls_verify.c
*/


< Previous Next >
This Thread
  • No further messages