Hello community, here is the log from the commit of package postfix for openSUSE:Factory checked in at 2014-12-09 09:13:47 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/postfix (Old) and /work/SRC/openSUSE:Factory/.postfix.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "postfix" Changes: --------
--- /work/SRC/openSUSE:Factory/postfix/postfix.changes 2014-09-07 11:08:31.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.postfix.new/postfix.changes 2014-12-09 09:13:23.000000000 +0100
@@ -1,0 +2,68 @@ +Fri Nov 21 14:49:19 UTC 2014 - [email protected] + +- Remove keyring and things as it is md5 based one no longer + accepted by gpg 2.1 + +------------------------------------------------------------------- +Fri Nov 14 09:19:00 UTC 2014 - [email protected] + +- No longer perform gpg validation; osc source_validator does it + implicit: + + Drop gpg-offline BuildRequires. + + No longer execute gpg_verify. + +------------------------------------------------------------------- +Mon Oct 27 18:22:02 UTC 2014 - [email protected] + +- restore previously lost fix: + Fri Oct 11 13:32:32 UTC 2013 - [email protected] + - Ignore errors in %pre/%post. + +------------------------------------------------------------------- +Mon Oct 20 07:52:39 UTC 2014 - [email protected] + +- postfix 2.11.3: + + * Fix for configurations that prepend message headers with Postfix + access maps, policy servers or Milter applications. Postfix now + hides its own Received: header from Milters and exposes prepended + headers to Milters, regardless of the mechanism used to prepend + a header. This fix reverts a partial solution that was released + on October 13, 2014, and replaces it with a complete solution. + * Portability fix for MacOS X 10.7.x (Darwin 11.x) build procedure. + +- postfix 2.11.2: + + * Fix for DMARC implementations based on SPF policy plus DKIM + Milter. The PREPEND access/policy action added headers ABOVE + Postfix's own Received: header, exposing Postfix's own Received: + header to Milters (protocol violation) and hiding the PREPENDed + header from Milters. PREPENDed headers are now added BELOW + Postfix's own Received: header and remain visible to Milters. + * The Postfix SMTP server logged an incorrect client name in + reject messages for check_reverse_client_hostname_access and + check_reverse_client_hostname_{mx,ns}_access. They replied with + the verified client name, instead of the name that was rejected. 
+ * The qmqpd daemon crashed with null pointer bug when logging a + lost connection while not in a mail transaction. + +------------------------------------------------------------------- +Sun Sep 14 16:50:57 UTC 2014 - [email protected] + +- switch from md5 based signature to one using the SHA-512 digest + algorithm supplied by maintainer on ML to pass source_validator + +------------------------------------------------------------------- +Sat Sep 13 21:44:41 UTC 2014 - [email protected] + +- postfix 2.11.1: + * With connection caching enabled (the default), recipients could + be given to the wrong mail server. + * Enforce TLS when TLSA records exist, but all are unusable. + * Don't leak memory when TLSA records exist, but all are unusable. + * Prepend "-I. -I../../include" to the compiler command-line + options, to avoid name clashes with non-Postfix header files. + * documentation fixes + * logging fixes + +------------------------------------------------------------------- Old: ---- postfix-2.11.0.tar.gz postfix-2.11.0.tar.gz.sig postfix.keyring New: ---- postfix-2.11.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ postfix.spec ++++++ --- /var/tmp/diff_new_pack.R9nEoW/_old 2014-12-09 09:13:24.000000000 +0100 +++ /var/tmp/diff_new_pack.R9nEoW/_new 2014-12-09 09:13:24.000000000 +0100 
@@ -20,15 +20,15 @@ Summary: A fast, secure, and flexible mailer License: IPL-1.0 Group: Productivity/Networking/Email/Servers -Version: 2.11.0 +Version: 2.11.3 Release: 0 Url: http://www.postfix.org/ Source: http://www.artfiles.org/postfix.org/postfix-release/official/postfix-%{version}.tar.gz -Source1: http://www.artfiles.org/postfix.org/postfix-release/official/postfix-%{version}.tar.gz.sig +#Source1: postfix-%{version}.tar.gz.asc Source2: %{name}-SuSE.tar.gz Source3: %{name}-mysql.tar.bz2 -Source4: %{name}.keyring +#Source4: %{name}.keyring Source10: postfix-rpmlintrc Source11: check_mail_queue Patch0: dynamic_maps.patch @@ -70,9 +70,6 @@ BuildRequires: systemd %{?systemd_requires} %endif -%if %suse_version >= 1230 -BuildRequires: gpg-offline -%endif # Conflicts: sendmail exim @@ -156,7 +153,6 @@ PostgreSQL. %prep -%{?gpg_verify: %gpg_verify %{S:1}} %setup -q -a 2 -a 3 %patch0 -p1 %patch1 -p1 @@ -435,7 +431,7 @@ fi fi echo "Executing upgrade-configuration." - /usr/sbin/postfix set-permissions upgrade-configuration setgid_group=%{pf_setgid_group} + /usr/sbin/postfix set-permissions upgrade-configuration setgid_group=%{pf_setgid_group} || : if [ $MASTERCH -eq 0 ]; then test -e /var/adm/SuSEconfig/md5/etc/postfix/master.cf && grep -v "^#" /etc/postfix/master.cf | md5sum > /var/adm/SuSEconfig/md5/etc/postfix/master.cf fi ++++++ postfix-2.11.0.tar.gz -> postfix-2.11.3.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.0/HISTORY new/postfix-2.11.3/HISTORY --- old/postfix-2.11.0/HISTORY 2014-01-15 23:53:59.000000000 +0100 +++ new/postfix-2.11.3/HISTORY 2014-10-20 00:11:34.000000000 +0200 
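Review bot: With `Source1` and `Source4` commented out in the `@@ -20,15 +20,15 @@` hunk, and `BuildRequires: gpg-offline` and the `%gpg_verify` call removed in the `@@ -70,9 +70,6 @@` and `@@ -156,7 +153,6 @@` hunks, nothing in the spec ties `postfix-%{version}.tar.gz` to an upstream signature any more, while `Source:` still points at a plain `http://` mirror URL. The changelog says osc source_validator performs the validation implicitly, but the file list shows the `.sig` and the keyring dropped from the package, so it is unclear what that validator would check the tarball against; this is worth confirming before relying on it. At minimum the commented-out lines should say why they are disabled and when to restore them, e.g. `# Signature check disabled: upstream key is MD5-based and rejected by gpg 2.1; restore Source1/Source4 once a usable key is published`.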
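Review bot: The `|| :` added in the `@@ -435,7 +431,7 @@` hunk discards the exit status of `postfix set-permissions upgrade-configuration`, so a failed ownership, mode or configuration fix-up during a package upgrade leaves no trace beyond whatever the command itself printed. Not aborting the RPM transaction matches the changelog entry about ignoring errors in %pre/%post, but the failure should still be reported, e.g. `... setgid_group=%{pf_setgid_group} || echo "postfix set-permissions/upgrade-configuration failed; check file ownership and modes" >&2`. The enclosing scriptlet starts and ends outside this hunk.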
@@ -19528,3 +19528,93 @@ 20140110-15 Miscellaneous documentation cleanups. + +20140116 + + Workaround: prepend "-I. -I../../include" to CCARGS, to + avoid name clashes with non-Postfix header files. File: + makedefs. + +20140125 + + Cleanup: postconf(1) manpage missing version attribution + and incorrect "author" formatting. File: postconf/postconf.c. + +20140223 + + Logging: the TLS client logged that an "Untrusted" TLS + connection was established instead of "Anonymous". Viktor + Dukhovni. File: tls/tls_client.c. + +20140227 + + Bugfix: Enforce TLS when TLSA records exist, but all are + unusable; Don't leak dane handle when all TLSA records are + unusable. Viktor Dukhovni. File: smtp/smtp_tls_policy.c. + + Cleanup: log TLS policy lookup errors as warnings. Viktor + Dukhovni. File: smtp/smtp_connect.c. + +20140407 + + Documentation: the documentation for Postfix > 2.8 TLS + activity logging was incorrect. Loglevel 0 produces no + logging. Instead, information is logged only with loglevel + 1 or higher. Viktor Dukhovni. Files: proto/TLS_README.html, + proto/postconf.proto. + +20140507 + + Bugfix (introduced: Postfix 2.11): with connection caching + enabled (the default), recipients could be given to the + wrong mail server. Root cause: due to an incorrect predicate, + the Postfix SMTP client could save and restore plaintext + connections that should not be cached, under nonsensical + lookup keys that did not distinguish by destination. Problem + reported by Sahil Tandon, predicate error found by Viktor, + redundant connection restore request eliminated by Wietse. + File: smtp/smtp_connect.c. + +20140619 + + Bugfix (introduced: 2001): qmqpd null pointer bug when it + logs a lost connection while not in a mail transaction. + Reported by Michal Adamek. File: qmqpd/qmqpd.c. + +20140920 + + Bugfix (introduced: 20080212): incorrect client name in + reject messages from check_reverse_client_hostname_access + and check_reverse_client_hostname_{mx,ns}_access. 
They + replied with the verified client name, instead of the name + that was rejected. Problem reported by Reindl Harald. File: + smtpd/smtpd_check.c. + +20141012 + + Bugfix (introduced: Postfix 2.3): the PREPEND access/policy + action added headers ABOVE Postfix's own Received: header, + exposing Postfix's own Received: header to Milters (protocol + violation) and hiding the PREPENDed header from Milters. + The latter caused problems for DMARC implementations with + SPF policy plus DKIM Milter. PREPENDed headers are now + added BELOW Postfix's own Received: header and remain visible + to Milters. File: smtpd/smtpd.c. + +20141014 + + Portability: Darwin 11.x needs to link with -lresolv. Viktor + Dukhovni. File: makedefs. + +20141018 + + Bugfix (introduced: Postfix 2.3): when a Milter inserted a + header ABOVE Postfix's own Received: header, Postfix would + expose its own Received: header to Milters (violating + protocol) and hide the Milter-inserted header from Milters + (wtf). Files: cleanup/cleanup.h, cleanup/cleanup_message.c, + cleanup/cleanup_state.c, milter/milter.[hc], milter/milter8.c. + + Cleanup: revert the workaround that places headers inserted + with PREPEND actions or policy requests BELOW Postfix's own + Received: message header. File: smtpd/smtpd.c. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.0/README_FILES/TLS_README new/postfix-2.11.3/README_FILES/TLS_README --- old/postfix-2.11.0/README_FILES/TLS_README 2014-01-06 20:49:09.000000000 +0100 +++ new/postfix-2.11.3/README_FILES/TLS_README 2014-04-22 15:52:38.000000000 +0200 
@@ -247,27 +247,25 @@ increase the log level from 0..4. Each logging level also includes the information that is logged at a lower logging level. - _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ - |LLeevveell|PPoossttffiixx 22..99 aanndd llaatteerr |EEaarrlliieerr rreelleeaasseess.. | - |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | - |0 |Log only a summary message on TLS |Disable logging of TLS activity.| - | |handshake completion -- no logging| | - | |of client certificate trust-chain | | - | |verification errors if client | | - | |certificate verification is not | | - | |required. | | - |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | - |1 |Also log trust-chain verification |Also log TLS handshake and | - | |errors and peer certificate |certificate information. | - | |summary information. | | - |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | - |2 |Also log levels during TLS negotiation. | - |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | - |3 |Also log hexadecimal and ASCII dump of TLS negotiation process. | - |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | - |4 |Also log hexadecimal and ASCII dump of complete transmission after | - | |STARTTLS. 
| - |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ + |LLeevveell|PPoossttffiixx 22..99 aanndd llaatteerr |EEaarrlliieerr rreelleeaasseess.. | + |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |0 |Disable logging of TLS activity. | + |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |1 |Log only a summary message on TLS |Log the summary message, peer | + | |handshake completion -- no logging|certificate summary information| + | |of client certificate trust-chain |and unconditionally log trust- | + | |verification errors if client |chain verification errors. | + | |certificate verification is not | | + | |required. | | + |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |2 |Also log levels during TLS negotiation. | + |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |3 |Also log hexadecimal and ASCII dump of TLS negotiation process. | + |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |4 |Also log hexadecimal and ASCII dump of complete transmission after| + | |STARTTLS. | + |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | Use log level 3 only in case of problems. Use of log level 4 is strongly discouraged. 
@@ -1321,27 +1319,25 @@ increase the loglevel from 0..4. Each logging level also includes the information that is logged at a lower logging level. - _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ - |LLeevveell|PPoossttffiixx 22..99 aanndd llaatteerr |EEaarrlliieerr rreelleeaasseess.. | - |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | - |0 |Log only a summary message on TLS |Disable logging of TLS activity.| - | |handshake completion -- no logging| | - | |of remote SMTP server certificate | | - | |trust-chain verification errors if| | - | |server certificate verification is| | - | |not required. | | - |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | - |1 |Also log remote SMTP server trust-|Also log TLS handshake and | - | |chain verification errors and peer|certificate information. | - | |certificate summary information. | | - |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | - |2 |Also log levels during TLS negotiation. | - |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | - |3 |Also log hexadecimal and ASCII dump of TLS negotiation process. | - |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | - |4 |Also log hexadecimal and ASCII dump of complete transmission after | - | |STARTTLS. 
| - |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ + |LLeevveell|PPoossttffiixx 22..99 aanndd llaatteerr |EEaarrlliieerr rreelleeaasseess.. | + |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |0 |Disable logging of TLS activity. | + |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |1 |Log only a summary message on TLS |Log the summary message and | + | |handshake completion -- no logging|unconditionally log trust-chain| + | |of remote SMTP server certificate |verification errors. | + | |trust-chain verification errors if| | + | |server certificate verification is| | + | |not required. | | + |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |2 |Also log levels during TLS negotiation. | + |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |3 |Also log hexadecimal and ASCII dump of TLS negotiation process. | + |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |4 |Also log hexadecimal and ASCII dump of complete transmission after| + | |STARTTLS. 
| + |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | Example: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.0/html/TLS_README.html new/postfix-2.11.3/html/TLS_README.html --- old/postfix-2.11.0/html/TLS_README.html 2014-01-06 20:49:08.000000000 +0100 +++ new/postfix-2.11.3/html/TLS_README.html 2014-04-22 15:52:37.000000000 +0200 @@ -384,16 +384,15 @@ <tr> <th> Level </th> <th> Postfix 2.9 and later</th> <th> Earlier releases. </th> </tr> -<tr> <td valign="top"> 0 </td> <td valign="top"> Log only a summary +<tr> <td valign="top"> 0 </td> <td valign="top" colspan="2"> Disable +logging of TLS activity. </td> </tr> + +<tr> <td valign="top"> 1 </td> <td valign="top"> Log only a summary message on TLS handshake completion — no logging of client certificate trust-chain verification errors if client certificate -verification is not required. </td> <td valign="top"> Disable logging -of TLS activity.</td> </tr> - -<tr> <td valign="top"> 1 </td> <td valign="top"> Also log trust-chain -verification errors and peer certificate summary information. </td> -<td valign="top"> Also log TLS handshake and certificate information. -</td> </tr> +verification is not required. </td> <td valign="top"> Log the summary +message, peer certificate summary information and unconditionally log +trust-chain verification errors. </td> </tr> <tr> <td valign="top"> 2 </td> <td valign="top" colspan="2"> Also log levels during TLS negotiation. </td> </tr> 
@@ -1750,16 +1749,15 @@ <tr> <th> Level </th> <th> Postfix 2.9 and later</th> <th> Earlier releases. </th> </tr> -<tr> <td valign="top"> 0 </td> <td valign="top"> Log only a summary -message on TLS handshake completion — no logging of remote -SMTP server certificate trust-chain verification errors if server -certificate verification is not required. </td> <td valign="top"> -Disable logging of TLS activity.</td> </tr> - -<tr> <td valign="top"> 1 </td> <td valign="top"> Also log remote -SMTP server trust-chain verification errors and peer certificate -summary information. </td> <td valign="top"> Also log TLS handshake -and certificate information. </td> </tr> +<tr> <td valign="top"> 0 </td> <td valign="top" colspan="2"> Disable +logging of TLS activity. </td> </tr> + +<tr> <td valign="top"> 1 </td> <td valign="top"> Log only a summary +message on TLS handshake completion — no logging of remote SMTP +server certificate trust-chain verification errors if server certificate +verification is not required. </td> <td valign="top"> Log the summary +message and unconditionally log trust-chain verification errors. +</td> </tr> <tr> <td valign="top"> 2 </td> <td valign="top" colspan="2"> Also log levels during TLS negotiation. </td> </tr> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.0/html/postconf.1.html new/postfix-2.11.3/html/postconf.1.html --- old/postfix-2.11.0/html/postconf.1.html 2013-12-21 01:37:52.000000000 +0100 +++ new/postfix-2.11.3/html/postconf.1.html 2014-03-23 00:18:38.000000000 +0100 @@ -123,6 +123,8 @@ The default is as if "<b>-C all</b>" is specified. + This feature is available with Postfix 2.9 and later. + <b>-d</b> Print <a href="postconf.5.html"><b>main.cf</b></a> default parameter settings instead of actual set- tings. Specify <b>-df</b> to fold long lines for human readability (Postfix 2.9 and later). 
@@ -330,6 +332,8 @@ <b>-p</b> Show <a href="postconf.5.html"><b>main.cf</b></a> parameter settings. This is the default. + This feature is available with Postfix 2.11 and later. + <b>-P</b> Show <a href="master.5.html"><b>master.cf</b></a> service parameter settings (by default all ser- vices and all parameters). formatted as one "<i>ser-</i> <i>vice/type/parameter=value</i>" per line. Specify <b>-Pf</b> to fold long @@ -444,8 +448,10 @@ The Secure Mailer license must be distributed with this software. <b>AUTHOR(S)</b> - Wietse Venema IBM T.J. Watson Research P.O. Box 704 Yorktown - Heights, NY 10598, USA + Wietse Venema + IBM T.J. Watson Research + P.O. Box 704 + Yorktown Heights, NY 10598, USA POSTCONF(1) </pre> </body> </html> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.0/html/postconf.5.html new/postfix-2.11.3/html/postconf.5.html --- old/postfix-2.11.0/html/postconf.5.html 2014-01-12 19:01:05.000000000 +0100 +++ new/postfix-2.11.3/html/postconf.5.html 2014-04-22 15:52:38.000000000 +0200 @@ -8600,7 +8600,7 @@ <pre> # Handle both Postfix and qmail extensions (Postfix 2.11 and later). -recipient_delimiters = +- +<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> = +- </pre> <pre> 
@@ -11362,14 +11362,13 @@ <dl compact> -<dt> </dt> <dd> 0 Log only a summary message on TLS handshake completion +<dt> </dt> <dd> 0 Disable logging of TLS activity. </dd> + +<dt> </dt> <dd> 1 Log only a summary message on TLS handshake completion — no logging of remote SMTP server certificate trust-chain verification errors if server certificate verification is not required. -With Postfix 2.8 and earlier, disable logging of TLS activity. </dd> - -<dt> </dt> <dd> 1 Also log remote SMTP server trust-chain verification -errors and peer certificate summary information. With Postfix 2.8 -and earlier, log TLS handshake and certificate information. </dd> +With Postfix 2.8 and earlier, log the summary message and unconditionally +log trust-chain verification errors. </dd> <dt> </dt> <dd> 2 Also log levels during TLS negotiation. </dd> 
@@ -15555,15 +15554,13 @@ <dl compact> -<dt> </dt> <dd> 0 Log only a summary message on TLS handshake completion -— no logging of remote SMTP client certificate trust-chain verification -errors -if client certificate verification is not required. With Postfix 2.8 -and earlier, disable logging of TLS activity. </dd> - -<dt> </dt> <dd> 1 Also log trust-chain verification errors and peer -certificate name and issuer. With Postfix 2.8 and earlier, log TLS -handshake and certificate information. </dd> +<dt> </dt> <dd> 0 Disable logging of TLS activity. </dd> + +<dt> </dt> <dd> 1 Log only a summary message on TLS handshake completion +— no logging of client certificate trust-chain verification errors +if client certificate verification is not required. With Postfix 2.8 and +earlier, log the summary message, peer certificate summary information +and unconditionally log trust-chain verification errors. </dd> <dt> </dt> <dd> 2 Also log levels during TLS negotiation. </dd> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.0/makedefs new/postfix-2.11.3/makedefs --- old/postfix-2.11.0/makedefs 2014-01-05 18:18:56.000000000 +0100 +++ new/postfix-2.11.3/makedefs 2014-10-20 00:10:54.000000000 +0200 @@ -491,9 +491,9 @@ ?.*) CCARGS="$CCARGS -DRESOLVE_H_NEEDS_NAMESER8_COMPAT_H";; *) CCARGS="$CCARGS -DRESOLVE_H_NEEDS_ARPA_NAMESER_COMPAT_H";; esac - # Darwin 12.x (MacOS X 10.8.x), maybe earlier, needs libresolv. + # Darwin 11.x (MacOS X 10.7.x), maybe earlier, needs libresolv. case $RELEASE in - ?.*|1[0-1].*) ;; + ?.*|10.*) ;; *) SYSLIBS="$SYSLIBS -lresolv";; esac # kqueue and/or poll are broken in MacOS X 10.5 (Darwin 9). 
@@ -638,6 +638,9 @@ # needed before the code stabilizes. #CCARGS="$CCARGS -DNONPROD" +# Workaround: prepend Postfix include files before other include files. +CCARGS="-I. -I../../include $CCARGS" + sed 's/ / /g' <<EOF SYSTYPE = $SYSTYPE AR = $AR diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.0/man/man1/postconf.1 new/postfix-2.11.3/man/man1/postconf.1 --- old/postfix-2.11.0/man/man1/postconf.1 2013-12-20 19:36:33.000000000 +0100 +++ new/postfix-2.11.3/man/man1/postconf.1 2014-03-23 00:18:38.000000000 +0100 @@ -143,6 +143,8 @@ .IP The default is as if "\fB-C all\fR" is specified. + +This feature is available with Postfix 2.9 and later. .IP \fB-d\fR Print \fBmain.cf\fR default parameter settings instead of actual settings. @@ -347,6 +349,8 @@ This feature is available with Postfix 2.10 and later. .IP \fB-p\fR Show \fBmain.cf\fR parameter settings. This is the default. + +This feature is available with Postfix 2.11 and later. .IP \fB-P\fR Show \fBmaster.cf\fR service parameter settings (by default all services and all parameters). formatted as one @@ -486,5 +490,7 @@ .SH "AUTHOR(S)" .na .nf -Wietse Venema IBM T.J. Watson Research P.O. Box 704 Yorktown -Heights, NY 10598, USA +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.0/man/man5/postconf.5 new/postfix-2.11.3/man/man5/postconf.5 --- old/postfix-2.11.0/man/man5/postconf.5 2014-01-12 19:01:05.000000000 +0100 +++ new/postfix-2.11.3/man/man5/postconf.5 2014-04-22 15:52:38.000000000 +0200 @@ -5176,7 +5176,7 @@ .na .ft C # Handle both Postfix and qmail extensions (Postfix 2.11 and later). -recipient_delimiters = +- +recipient_delimiter = +- .fi .ad .ft R 
@@ -7120,15 +7120,14 @@ Each logging level also includes the information that is logged at a lower logging level. .IP "" -0 Log only a summary message on TLS handshake completion -- no logging of remote SMTP server certificate trust-chain -verification errors if server certificate verification is not required. -With Postfix 2.8 and earlier, disable logging of TLS activity. +0 Disable logging of TLS activity. .br .IP "" -1 Also log remote SMTP server trust-chain verification -errors and peer certificate summary information. With Postfix 2.8 -and earlier, log TLS handshake and certificate information. +1 Log only a summary message on TLS handshake completion +- no logging of remote SMTP server certificate trust-chain +verification errors if server certificate verification is not required. +With Postfix 2.8 and earlier, log the summary message and unconditionally +log trust-chain verification errors. .br .IP "" 2 Also log levels during TLS negotiation. 
@@ -10554,16 +10553,14 @@ Each logging level also includes the information that is logged at a lower logging level. .IP "" -0 Log only a summary message on TLS handshake completion -- no logging of remote SMTP client certificate trust-chain verification -errors -if client certificate verification is not required. With Postfix 2.8 -and earlier, disable logging of TLS activity. +0 Disable logging of TLS activity. .br .IP "" -1 Also log trust-chain verification errors and peer -certificate name and issuer. With Postfix 2.8 and earlier, log TLS -handshake and certificate information. +1 Log only a summary message on TLS handshake completion +- no logging of client certificate trust-chain verification errors +if client certificate verification is not required. With Postfix 2.8 and +earlier, log the summary message, peer certificate summary information +and unconditionally log trust-chain verification errors. .br .IP "" 2 Also log levels during TLS negotiation. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.0/proto/TLS_README.html new/postfix-2.11.3/proto/TLS_README.html --- old/postfix-2.11.0/proto/TLS_README.html 2014-01-06 19:52:27.000000000 +0100 +++ new/postfix-2.11.3/proto/TLS_README.html 2014-04-13 17:25:34.000000000 +0200 
@@ -384,16 +384,15 @@ <tr> <th> Level </th> <th> Postfix 2.9 and later</th> <th> Earlier releases. </th> </tr> -<tr> <td valign="top"> 0 </td> <td valign="top"> Log only a summary +<tr> <td valign="top"> 0 </td> <td valign="top" colspan="2"> Disable +logging of TLS activity. </td> </tr> + +<tr> <td valign="top"> 1 </td> <td valign="top"> Log only a summary message on TLS handshake completion — no logging of client certificate trust-chain verification errors if client certificate -verification is not required. </td> <td valign="top"> Disable logging -of TLS activity.</td> </tr> - -<tr> <td valign="top"> 1 </td> <td valign="top"> Also log trust-chain -verification errors and peer certificate summary information. </td> -<td valign="top"> Also log TLS handshake and certificate information. -</td> </tr> +verification is not required. </td> <td valign="top"> Log the summary +message, peer certificate summary information and unconditionally log +trust-chain verification errors. </td> </tr> <tr> <td valign="top"> 2 </td> <td valign="top" colspan="2"> Also log levels during TLS negotiation. </td> </tr> 
@@ -1750,16 +1749,15 @@ <tr> <th> Level </th> <th> Postfix 2.9 and later</th> <th> Earlier releases. </th> </tr> -<tr> <td valign="top"> 0 </td> <td valign="top"> Log only a summary -message on TLS handshake completion — no logging of remote -SMTP server certificate trust-chain verification errors if server -certificate verification is not required. </td> <td valign="top"> -Disable logging of TLS activity.</td> </tr> - -<tr> <td valign="top"> 1 </td> <td valign="top"> Also log remote -SMTP server trust-chain verification errors and peer certificate -summary information. </td> <td valign="top"> Also log TLS handshake -and certificate information. </td> </tr> +<tr> <td valign="top"> 0 </td> <td valign="top" colspan="2"> Disable +logging of TLS activity. </td> </tr> + +<tr> <td valign="top"> 1 </td> <td valign="top"> Log only a summary +message on TLS handshake completion — no logging of remote SMTP +server certificate trust-chain verification errors if server certificate +verification is not required. </td> <td valign="top"> Log the summary +message and unconditionally log trust-chain verification errors. +</td> </tr> <tr> <td valign="top"> 2 </td> <td valign="top" colspan="2"> Also log levels during TLS negotiation. </td> </tr> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.0/proto/postconf.proto new/postfix-2.11.3/proto/postconf.proto --- old/postfix-2.11.0/proto/postconf.proto 2014-01-12 19:00:56.000000000 +0100 +++ new/postfix-2.11.3/proto/postconf.proto 2014-04-22 15:50:29.000000000 +0200 @@ -3546,7 +3546,7 @@ <pre> # Handle both Postfix and qmail extensions (Postfix 2.11 and later). -recipient_delimiters = +- +recipient_delimiter = +- </pre> <pre> 
@@ -9127,15 +9127,13 @@ <dl compact> -<dt> </dt> <dd> 0 Log only a summary message on TLS handshake completion -— no logging of remote SMTP client certificate trust-chain verification -errors -if client certificate verification is not required. With Postfix 2.8 -and earlier, disable logging of TLS activity. </dd> - -<dt> </dt> <dd> 1 Also log trust-chain verification errors and peer -certificate name and issuer. With Postfix 2.8 and earlier, log TLS -handshake and certificate information. </dd> +<dt> </dt> <dd> 0 Disable logging of TLS activity. </dd> + +<dt> </dt> <dd> 1 Log only a summary message on TLS handshake completion +— no logging of client certificate trust-chain verification errors +if client certificate verification is not required. With Postfix 2.8 and +earlier, log the summary message, peer certificate summary information +and unconditionally log trust-chain verification errors. </dd> <dt> </dt> <dd> 2 Also log levels during TLS negotiation. </dd> 
@@ -9551,14 +9549,13 @@ <dl compact> -<dt> </dt> <dd> 0 Log only a summary message on TLS handshake completion +<dt> </dt> <dd> 0 Disable logging of TLS activity. </dd> + +<dt> </dt> <dd> 1 Log only a summary message on TLS handshake completion — no logging of remote SMTP server certificate trust-chain verification errors if server certificate verification is not required. -With Postfix 2.8 and earlier, disable logging of TLS activity. </dd> - -<dt> </dt> <dd> 1 Also log remote SMTP server trust-chain verification -errors and peer certificate summary information. With Postfix 2.8 -and earlier, log TLS handshake and certificate information. </dd> +With Postfix 2.8 and earlier, log the summary message and unconditionally +log trust-chain verification errors. </dd> <dt> </dt> <dd> 2 Also log levels during TLS negotiation. </dd> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.0/src/cleanup/cleanup.h new/postfix-2.11.3/src/cleanup/cleanup.h --- old/postfix-2.11.0/src/cleanup/cleanup.h 2013-11-24 01:39:32.000000000 +0100 +++ new/postfix-2.11.3/src/cleanup/cleanup.h 2014-10-18 23:14:21.000000000 +0200 @@ -61,6 +61,7 @@ char *orig_rcpt; /* original recipient address */ char *return_receipt; /* return-receipt address */ char *errors_to; /* errors-to address */ + ARGV *auto_hdrs; /* MTA's own header(s) */ int flags; /* processing options, status flags */ int qmgr_opts; /* qmgr processing options */ int errs; /* any badness experienced */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.0/src/cleanup/cleanup_message.c new/postfix-2.11.3/src/cleanup/cleanup_message.c --- old/postfix-2.11.0/src/cleanup/cleanup_message.c 2013-11-12 18:53:03.000000000 +0100 +++ new/postfix-2.11.3/src/cleanup/cleanup_message.c 2014-10-18 23:23:26.000000000 +0200 
@@ -479,6 +479,10 @@ if (hdr_opts && (hdr_opts->flags & HDR_OPT_MIME)) header_class = MIME_HDR_MULTIPART; + /* Update the Received: header count before maybe dropping headers below. */ + if (hdr_opts && hdr_opts->type == HDR_RECEIVED) + state->hop_count += 1; + if ((state->flags & CLEANUP_FLAG_FILTER) && (CHECK(MIME_HDR_PRIMARY, cleanup_header_checks, VAR_HEADER_CHECKS) || CHECK(MIME_HDR_MULTIPART, cleanup_mimehdr_checks, VAR_MIMEHDR_CHECKS) @@ -579,9 +583,13 @@ msg_info("%s: message-id=%s", state->queue_id, hdrval); if (hdr_opts->type == HDR_RESENT_MESSAGE_ID) msg_info("%s: resent-message-id=%s", state->queue_id, hdrval); - if (hdr_opts->type == HDR_RECEIVED) - if (++state->hop_count >= var_hopcount_limit) + if (hdr_opts->type == HDR_RECEIVED) { + if (state->hop_count >= var_hopcount_limit) state->errs |= CLEANUP_STAT_HOPS; + /* Save our Received: header after maybe updating headers above. */ + if (state->hop_count == 1) + argv_add(state->auto_hdrs, vstring_str(header_buf), ARGV_END); + } if (CLEANUP_OUT_OK(state)) { if (hdr_opts->flags & HDR_OPT_RR) state->resent = "Resent-"; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.0/src/cleanup/cleanup_milter.c new/postfix-2.11.3/src/cleanup/cleanup_milter.c --- old/postfix-2.11.0/src/cleanup/cleanup_milter.c 2013-11-24 02:25:40.000000000 +0100 +++ new/postfix-2.11.3/src/cleanup/cleanup_milter.c 2014-10-18 23:14:21.000000000 +0200 
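Review bot: In the `@@ -579,9 +583,13 @@` hunk, `state->hop_count == 1` stands in for "this Received: header is the MTA's own", but the hunk does not state that assumption. The saved string is later used in milter8.c to withhold a header from Milters, so the comment should say so, for example `/* Assumes the first Received: header seen was prepended by this MTA; it is hidden from Milters. */`, and should say what is expected when the front end added none. The counter is now incremented in the `@@ -479,6 +479,10 @@` hunk before the header checks, so dropped Received: headers count toward `var_hopcount_limit`, while the limit test apparently still runs only for headers that reach this point. That asymmetry is worth one line in the same comment. The enclosing function starts and ends outside both hunks.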
@@ -2020,7 +2020,7 @@ * filter library. */ if ((resp = milter_message(milters, state->handle->stream, - state->data_offset)) != 0) + state->data_offset, state->auto_hdrs)) != 0) cleanup_milter_apply(state, "END-OF-MESSAGE", resp); /* diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.0/src/cleanup/cleanup_state.c new/postfix-2.11.3/src/cleanup/cleanup_state.c --- old/postfix-2.11.0/src/cleanup/cleanup_state.c 2013-11-24 01:37:19.000000000 +0100 +++ new/postfix-2.11.3/src/cleanup/cleanup_state.c 2014-10-18 23:14:21.000000000 +0200 @@ -78,6 +78,7 @@ state->orig_rcpt = 0; state->return_receipt = 0; state->errors_to = 0; + state->auto_hdrs = argv_alloc(1); state->flags = 0; state->qmgr_opts = 0; state->errs = 0; @@ -151,6 +152,7 @@ myfree(state->return_receipt); if (state->errors_to) myfree(state->errors_to); + argv_free(state->auto_hdrs); if (state->queue_name) myfree(state->queue_name); if (state->queue_id) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.0/src/global/mail_version.h new/postfix-2.11.3/src/global/mail_version.h --- old/postfix-2.11.0/src/global/mail_version.h 2014-01-15 23:47:58.000000000 +0100 +++ new/postfix-2.11.3/src/global/mail_version.h 2014-10-20 00:12:15.000000000 +0200 
@@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20140115" -#define MAIL_VERSION_NUMBER "2.11.0" +#define MAIL_RELEASE_DATE "20141019" +#define MAIL_VERSION_NUMBER "2.11.3" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.0/src/milter/milter.c new/postfix-2.11.3/src/milter/milter.c --- old/postfix-2.11.0/src/milter/milter.c 2011-10-24 16:28:38.000000000 +0200 +++ new/postfix-2.11.3/src/milter/milter.c 2014-10-18 23:14:21.000000000 +0200 @@ -85,10 +85,11 @@ /* const char *milter_other_event(milters) /* MILTERS *milters; /* -/* const char *milter_message(milters, qfile, data_offset) +/* const char *milter_message(milters, qfile, data_offset, auto_hdrs) /* MILTERS *milters; /* VSTREAM *qfile; /* off_t data_offset; +/* ARGV *auto_hdrs; /* /* const char *milter_abort(milters) /* MILTERS *milters; @@ -481,7 +482,8 @@ /* milter_message - inspect message content */ -const char *milter_message(MILTERS *milters, VSTREAM *fp, off_t data_offset) +const char *milter_message(MILTERS *milters, VSTREAM *fp, off_t data_offset, + ARGV *auto_hdrs) { const char *resp; MILTER *m; 
@@ -495,7 +497,8 @@ for (resp = 0, m = milters->milter_list; resp == 0 && m != 0; m = m->next) { any_eoh_macros = MILTER_MACRO_EVAL(global_eoh_macros, m, milters, eoh_macros); any_eod_macros = MILTER_MACRO_EVAL(global_eod_macros, m, milters, eod_macros); - resp = m->message(m, fp, data_offset, any_eoh_macros, any_eod_macros); + resp = m->message(m, fp, data_offset, any_eoh_macros, any_eod_macros, + auto_hdrs); if (any_eoh_macros != global_eoh_macros) argv_free(any_eoh_macros); if (any_eod_macros != global_eod_macros) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.0/src/milter/milter.h new/postfix-2.11.3/src/milter/milter.h --- old/postfix-2.11.0/src/milter/milter.h 2009-04-27 16:53:56.000000000 +0200 +++ new/postfix-2.11.3/src/milter/milter.h 2014-10-18 23:14:21.000000000 +0200 @@ -40,7 +40,7 @@ const char *(*mail_event) (struct MILTER *, const char **, ARGV *); const char *(*rcpt_event) (struct MILTER *, const char **, ARGV *); const char *(*data_event) (struct MILTER *, ARGV *); - const char *(*message) (struct MILTER *, VSTREAM *, off_t, ARGV *, ARGV *); + const char *(*message) (struct MILTER *, VSTREAM *, off_t, ARGV *, ARGV *, ARGV *); const char *(*unknown_event) (struct MILTER *, const char *, ARGV *); const char *(*other_event) (struct MILTER *); void (*abort) (struct MILTER *); 
@@ -136,7 +136,7 @@ extern const char *milter_mail_event(MILTERS *, const char **); extern const char *milter_rcpt_event(MILTERS *, int, const char **); extern const char *milter_data_event(MILTERS *); -extern const char *milter_message(MILTERS *, VSTREAM *, off_t); +extern const char *milter_message(MILTERS *, VSTREAM *, off_t, ARGV *); extern const char *milter_unknown_event(MILTERS *, const char *); extern const char *milter_other_event(MILTERS *); extern void milter_abort(MILTERS *); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.0/src/milter/milter8.c new/postfix-2.11.3/src/milter/milter8.c --- old/postfix-2.11.0/src/milter/milter8.c 2013-11-18 20:45:07.000000000 +0100 +++ new/postfix-2.11.3/src/milter/milter8.c 2014-10-18 23:14:21.000000000 +0200 @@ -2285,6 +2285,8 @@ MILTER8 *milter; /* milter client */ ARGV *eoh_macros; /* end-of-header macros */ ARGV *eod_macros; /* end-of-body macros */ + ARGV *auto_hdrs; /* auto-generated headers */ + int auto_done; /* good enough for now */ int first_header; /* first header */ int first_body; /* first body line */ const char *resp; /* milter application response */ @@ -2301,6 +2303,8 @@ MILTER8 *milter = msg_ctx->milter; char *cp; int skip_reply; + char **cpp; + unsigned done; /* * XXX Workaround: mime_state_update() may invoke multiple call-backs @@ -2329,10 +2333,11 @@ * XXX Sendmail compatibility. It eats the first space (not tab) after the * header label and ":". */ - if (msg_ctx->first_header) { - msg_ctx->first_header = 0; - return; - } + for (cpp = msg_ctx->auto_hdrs->argv, done = 1; *cpp; cpp++, done <<= 1) + if ((msg_ctx->auto_done & done) == 0 && strcmp(*cpp, STR(buf)) == 0) { + msg_ctx->auto_done |= done; + return; + } /* * Sendmail 8 sends multi-line headers as text separated by newline. 
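Review bot: The loop added in the milter8.c `@@ -2329,10 +2333,11 @@` hunk dereferences `msg_ctx->auto_hdrs->argv` unconditionally and tracks matches in a bit mask whose width is never checked. `done` is `unsigned` while `auto_done` is declared `int`, and once `done <<= 1` shifts past the width of `unsigned` it becomes 0, so `(msg_ctx->auto_done & done) == 0` is always true and every header equal to a later `auto_hdrs` entry would be withheld from the Milter, not only the first. This commit adds a single entry (cleanup_message.c), so the problem is latent, but the limit is cheap to make explicit: declare `unsigned auto_done;`, loop on `*cpp && done != 0`, and guard a null `auto_hdrs` if any caller of `milter_message()` can pass 0 (not visible here). `first_header` is still initialised in the `@@ -2541,6 +2547,8 @@` hunk but is no longer read in this one; if nothing else reads it, it can be removed. The enclosing function begins and ends outside the hunk.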
@@ -2507,7 +2512,8 @@ static const char *milter8_message(MILTER *m, VSTREAM *qfile, off_t data_offset, ARGV *eoh_macros, - ARGV *eod_macros) + ARGV *eod_macros, + ARGV *auto_hdrs) { const char *myname = "milter8_message"; MILTER8 *milter = (MILTER8 *) m; @@ -2541,6 +2547,8 @@ msg_ctx.milter = milter; msg_ctx.eoh_macros = eoh_macros; msg_ctx.eod_macros = eod_macros; + msg_ctx.auto_hdrs = auto_hdrs; + msg_ctx.auto_done = 0; msg_ctx.first_header = 1; msg_ctx.first_body = 1; msg_ctx.resp = 0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.0/src/postconf/postconf.c new/postfix-2.11.3/src/postconf/postconf.c --- old/postfix-2.11.0/src/postconf/postconf.c 2013-12-20 19:35:56.000000000 +0100 +++ new/postfix-2.11.3/src/postconf/postconf.c 2014-01-25 21:11:46.000000000 +0100 @@ -137,6 +137,8 @@ /* .IP /* The default is as if "\fB-C all\fR" is /* specified. +/* +/* This feature is available with Postfix 2.9 and later. /* .IP \fB-d\fR /* Print \fBmain.cf\fR default parameter settings instead of /* actual settings. @@ -341,6 +343,8 @@ /* This feature is available with Postfix 2.10 and later. /* .IP \fB-p\fR /* Show \fBmain.cf\fR parameter settings. This is the default. +/* +/* This feature is available with Postfix 2.11 and later. /* .IP \fB-P\fR /* Show \fBmaster.cf\fR service parameter settings (by default /* all services and all parameters). formatted as one 
@@ -464,8 +468,10 @@ /* The Secure Mailer license must be distributed with this /* software. /* AUTHOR(S) -/* Wietse Venema IBM T.J. Watson Research P.O. Box 704 Yorktown -/* Heights, NY 10598, USA +/* Wietse Venema +/* IBM T.J. Watson Research +/* P.O. Box 704 +/* Yorktown Heights, NY 10598, USA /*--*/ /* System library. */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.0/src/qmqpd/qmqpd.c new/postfix-2.11.3/src/qmqpd/qmqpd.c --- old/postfix-2.11.0/src/qmqpd/qmqpd.c 2012-11-05 17:34:59.000000000 +0100 +++ new/postfix-2.11.3/src/qmqpd/qmqpd.c 2014-06-19 19:05:27.000000000 +0200 @@ -706,7 +706,8 @@ */ if (state->reason && state->where) msg_info("%s: %s: %s while %s", - state->queue_id, state->namaddr, state->reason, state->where); + state->queue_id ? state->queue_id : "NOQUEUE", + state->namaddr, state->reason, state->where); } /* qmqpd_service - service one client */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.0/src/smtp/smtp.h new/postfix-2.11.3/src/smtp/smtp.h --- old/postfix-2.11.0/src/smtp/smtp.h 2014-01-04 02:02:30.000000000 +0100 +++ new/postfix-2.11.3/src/smtp/smtp.h 2014-05-07 19:17:29.000000000 +0200 @@ -195,7 +195,7 @@ STR((state)->iterator->request_nexthop)[0] = 0; \ } -#define HAVE_NEXTHOP_STATE(state) (STR((state)->iterator->request_nexthop) != 0) +#define HAVE_NEXTHOP_STATE(state) (STR((state)->iterator->request_nexthop)[0] != 0) /* diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.0/src/smtp/smtp_connect.c new/postfix-2.11.3/src/smtp/smtp_connect.c --- old/postfix-2.11.0/src/smtp/smtp_connect.c 2014-01-04 01:56:24.000000000 +0100 +++ new/postfix-2.11.3/src/smtp/smtp_connect.c 2014-05-07 19:17:29.000000000 +0200 
@@ -510,7 +510,7 @@ */ #ifdef USE_TLS if (!smtp_tls_policy_cache_query(why, state->tls, iter)) { - msg_info("TLS policy lookup error for %s/%s: %s", + msg_warn("TLS policy lookup error for %s/%s: %s", STR(iter->host), STR(iter->addr), STR(why->reason)); return; } @@ -666,6 +666,7 @@ #endif SMTP_ITER_SAVE_DEST(state->iterator); if (*addr_list && SMTP_RCPT_LEFT(state) > 0 + && HAVE_NEXTHOP_STATE(state) && (session = smtp_reuse_nexthop(state, SMTP_KEY_MASK_SCACHE_DEST_LABEL)) != 0) { session_count = 1; smtp_update_addr_list(addr_list, STR(iter->addr), session_count); @@ -716,7 +717,7 @@ iter->rr = addr; #ifdef USE_TLS if (!smtp_tls_policy_cache_query(why, state->tls, iter)) { - msg_info("TLS policy lookup error for %s/%s: %s", + msg_warn("TLS policy lookup error for %s/%s: %s", STR(iter->dest), STR(iter->host), STR(why->reason)); continue; /* XXX Assume there is no code at the end of this loop. */ @@ -956,7 +957,7 @@ iter->rr = addr; #ifdef USE_TLS if (!smtp_tls_policy_cache_query(why, state->tls, iter)) { - msg_info("TLS policy lookup for %s/%s: %s", + msg_warn("TLS policy lookup for %s/%s: %s", STR(iter->dest), STR(iter->host), STR(why->reason)); continue; /* XXX Assume there is no code at the end of this loop. */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.0/src/smtp/smtp_tls_policy.c new/postfix-2.11.3/src/smtp/smtp_tls_policy.c --- old/postfix-2.11.0/src/smtp/smtp_tls_policy.c 2014-01-09 16:00:36.000000000 +0100 +++ new/postfix-2.11.3/src/smtp/smtp_tls_policy.c 2014-03-03 20:53:26.000000000 +0100 
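Review bot: The three calls promoted to `msg_warn()` in smtp_connect.c do not share one message text: the `@@ -956,7 +957,7 @@` hunk logs `"TLS policy lookup for %s/%s: %s"`, while the `@@ -510,7` and `@@ -716,7` hunks log `"TLS policy lookup error for %s/%s: %s"`. These are now warnings that operators are likely to alert on, so a single wording lets one pattern match all three; in the last hunk use `msg_warn("TLS policy lookup error for %s/%s: %s",`. The first call also passes `iter->host`/`iter->addr` where the other two pass `iter->dest`/`iter->host`. Whether that is intentional cannot be told from the hunks, so a short comment at the first call would help.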
@@ -525,8 +525,8 @@ /* * DANE initialization may change the security level to something else, * so do this early, so that we use the right level below. Note that - * "dane-only" changes to "dane" after any fallback strategies are - * applied. + * "dane-only" changes to "dane" once we obtain the requisite TLSA + * records. */ if (tls->level == TLS_LEV_DANE || tls->level == TLS_LEV_DANE_ONLY) dane_init(tls, iter); @@ -706,6 +706,7 @@ #define NONDANE_CONFIG 0 /* Administrator's fault */ #define NONDANE_DEST 1 /* Remote server's fault */ +#define DANE_UNUSABLE 2 /* Remote server's fault */ static void PRINTFLIKE(4, 5) dane_incompat(SMTP_TLS_POLICY *tls, SMTP_ITERATOR *iter, @@ -716,12 +717,12 @@ va_start(ap, fmt); if (tls->level == TLS_LEV_DANE) { - tls->level = TLS_LEV_MAY; + tls->level = (errtype == DANE_UNUSABLE) ? TLS_LEV_ENCRYPT : TLS_LEV_MAY; if (errtype == NONDANE_CONFIG) vmsg_warn(fmt, ap); else if (msg_verbose) vmsg_info(fmt, ap); - } else { + } else { /* dane-only */ if (errtype == NONDANE_CONFIG) { vmsg_warn(fmt, ap); MARK_INVALID(tls->why, &tls->level); @@ -816,7 +817,8 @@ * given verifier some of the CAs are surely not trustworthy). */ if (tls_dane_unusable(dane)) { - dane_incompat(tls, iter, NONDANE_DEST, "TLSA records unusable"); + dane_incompat(tls, iter, DANE_UNUSABLE, "TLSA records unusable"); + tls_dane_free(dane); return; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.0/src/smtpd/smtpd.c new/postfix-2.11.3/src/smtpd/smtpd.c --- old/postfix-2.11.0/src/smtpd/smtpd.c 2014-01-06 19:52:27.000000000 +0100 +++ new/postfix-2.11.3/src/smtpd/smtpd.c 2014-10-18 23:14:21.000000000 +0200 @@ -2985,7 +2985,7 @@ } /* - * PREPEND message headers. + * PREPEND message headers above our own Received: header. */ if (state->prepend) for (cpp = state->prepend->argv; *cpp; cpp++) 
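Review bot: In `dane_incompat()` (`@@ -716,12 +717,12 @@`) the new fallback `tls->level = (errtype == DANE_UNUSABLE) ? TLS_LEV_ENCRYPT : TLS_LEV_MAY;` has no explanation, and `DANE_UNUSABLE` is defined in `@@ -706,6 +706,7 @@` with the same comment as `NONDANE_DEST` (`/* Remote server's fault */`), so a reader cannot tell why the two are handled differently. I would change the define's comment to something like `/* TLSA records exist but none is usable */` and, if this is the rationale, add above the assignment `/* Unusable TLSA records: still require encryption, but without authentication. */`. In the same branch the step down from DANE to unauthenticated TLS is reported only under `msg_verbose`, because only `NONDANE_CONFIG` reaches `vmsg_warn()`. Please confirm that is intended, since it leaves no trace in normal logs. How the `dane-only` branch treats `DANE_UNUSABLE` lies partly outside the hunk.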
@@ -3080,6 +3080,7 @@ "\t(envelope-from %s)", STR(state->buffer)); #endif } + smtpd_chat_reply(state, "354 End data with <CR><LF>.<CR><LF>"); state->where = SMTPD_AFTER_DATA; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.0/src/smtpd/smtpd_check.c new/postfix-2.11.3/src/smtpd/smtpd_check.c --- old/postfix-2.11.0/src/smtpd/smtpd_check.c 2013-11-12 19:00:11.000000000 +0100 +++ new/postfix-2.11.3/src/smtpd/smtpd_check.c 2014-09-21 02:34:20.000000000 +0200 @@ -3844,7 +3844,7 @@ SMTPD_NAME_CLIENT, def_acl); } else if (is_map_command(state, name, CHECK_REVERSE_CLIENT_ACL, &cpp)) { status = check_namadr_access(state, *cpp, state->reverse_name, state->addr, - FULL, &found, state->namaddr, + FULL, &found, state->reverse_name, SMTPD_NAME_REV_CLIENT, def_acl); forbid_whitelist(state, name, status, state->reverse_name); } else if (strcasecmp(name, REJECT_MAPS_RBL) == 0) { @@ -3927,14 +3927,14 @@ } else if (is_map_command(state, name, CHECK_REVERSE_CLIENT_NS_ACL, &cpp)) { if (strcasecmp(state->reverse_name, "unknown") != 0) { status = check_server_access(state, *cpp, state->reverse_name, - T_NS, state->namaddr, + T_NS, state->reverse_name, SMTPD_NAME_REV_CLIENT, def_acl); forbid_whitelist(state, name, status, state->reverse_name); } } else if (is_map_command(state, name, CHECK_REVERSE_CLIENT_MX_ACL, &cpp)) { if (strcasecmp(state->reverse_name, "unknown") != 0) { status = check_server_access(state, *cpp, state->reverse_name, - T_MX, state->namaddr, + T_MX, state->reverse_name, SMTPD_NAME_REV_CLIENT, def_acl); forbid_whitelist(state, name, status, state->reverse_name); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.0/src/tls/tls_client.c new/postfix-2.11.3/src/tls/tls_client.c --- old/postfix-2.11.0/src/tls/tls_client.c 2013-12-15 14:35:52.000000000 +0100 +++ new/postfix-2.11.3/src/tls/tls_client.c 2014-02-23 18:25:52.000000000 +0100 
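Review bot: The smtpd_check.c hunks `@@ -3844,7 +3844,7 @@` and `@@ -3927,14 +3927,14 @@` now pass `state->reverse_name` as the reply name in three places, without a comment saying why it differs from the `state->namaddr` used by the neighbouring client checks. A one-line comment at the first call, for example `/* Report the name that was actually looked up, not the verified client name. */`, would keep a later cleanup from "normalising" it back. The reverse name is presumably the unverified result of the address-to-name lookup, so the comment should also note that the rejected name appearing in replies and logs is not a verified identity. The enclosing function starts and ends outside the hunks.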
@@ -1045,7 +1045,9 @@ */ if (log_mask & TLS_LOG_SUMMARY) msg_info("%s TLS connection established to %s: %s with cipher %s " - "(%d/%d bits)", TLS_CERT_IS_MATCHED(TLScontext) ? "Verified" : + "(%d/%d bits)", + !TLS_CERT_IS_PRESENT(TLScontext) ? "Anonymous" : + TLS_CERT_IS_MATCHED(TLScontext) ? "Verified" : TLS_CERT_IS_TRUSTED(TLScontext) ? "Trusted" : "Untrusted", props->namaddr, TLScontext->protocol, TLScontext->cipher_name, TLScontext->cipher_usebits, TLScontext->cipher_algbits); -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
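Review bot: The status word in this `msg_info()` call is now chosen by a three-level conditional expression inside the argument list, and its correctness depends on the order of the tests, which the hunk does not document. I would add a comment above the call such as `/* Order matters: no peer certificate => "Anonymous", then matched, then trusted. */`. Sessions without a peer certificate were apparently reported as "Untrusted" before this change and are now "Anonymous", so log rules keyed on the old word will stop matching them. That belongs in the release notes or in the comment. The enclosing function starts and ends outside the hunk.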
