Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package postfix for openSUSE:Factory checked in at 2026-03-10 17:46:51 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/postfix (Old) and /work/SRC/openSUSE:Factory/.postfix.new.8177 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "postfix" Tue Mar 10 17:46:51 2026 rev:268 rq:1337622 version:3.11.0 Changes: -------- --- /work/SRC/openSUSE:Factory/postfix/postfix-bdb.changes 2026-02-27 17:07:52.535055534 +0100 +++ /work/SRC/openSUSE:Factory/.postfix.new.8177/postfix-bdb.changes 2026-03-10 17:47:03.556058082 +0100 @@ -1,0 +2,52 @@ +Thu Mar 5 19:18:44 UTC 2026 - Arjen de Korte <[email protected]> + +- update to 3.11.0 + * Some (Linux) distributions are removing support for BerkeleyDB + databases (In Postfix, this means we lose support for the hash: + and btree: lookup tables). See NON_BERKELEYDB_README for manual and + partially automatic migration from btree: to lmdb:, and from hash: + to lmdb: or cdb:. + * The loss of BerkeleyDB affects Mailman versions that want to execute + commands like "postmap hash:/path/to/file" when a mailing list is + added or removed. Postfix provides a way to redirect such commands + to a supported database type. + * You don't have to wait until BerkeleyDB support is removed. It can + make sense to migrate while BerkeleyDB support is still available + (mainly, less downtime). + * Default TLS security. The Postfix SMTP client smtp_tls_security_level + default value is "may" if Postfix was built with TLS support, and + the compatibility_level is 3.11 or higher. + * Support for the RFC 8689 "REQUIRETLS" verb in ESMTP. This requires + that every SMTP (and LMTP) server in the forward path is strongly + authenticated with DANE, STS, or equivalent, and that every server + announces REQUIRETLS support. + * Logging the TLS security level. This shows the desired and actual + TLS security level enforcement status and, if a message requests + REQUIRETLS, the REQUIRETLS policy enforcement status. For a list of + examples see smtp_log_tls_feature_status + * Workaround for an interface mismatch between the Postfix SMTP + client and MTA-STS policy plugins. This introduces a new parameter + smtp_tls_enforce_sts_mx_patterns (default: "yes"). The MTA-STS + plugin configuration needs to enable TLSRPT support, so that it + forwards STS policy attributes to Postfix. Both postfix-tlspol and + postfix-mta-sts-resolver have been updated accordingly. + * Post-quantum cryptography support. With OpenSSL 3.5 and later, change + the tls_eecdh_auto_curves default value to avoid problems with network + infrastructure that mishandles TLS hello messages larger than one + (Ethernet) TCP segment. This problem is more generally known as + "protocol ossification". + * Deprecation of obsolete parameters. Postfix programs log a warning + that these parameters will be removed. See DEPRECATION_README for + a list of deprecated parameters. + * JSON output support with "postconf -j|-jM|-jF|-jP", "postalias + -jq|-js", "postmap -jq|-js", and "postmulti -jl". No support is + planned for JSON input support. + * Milter support: improved Milter error handling for messages that + arrive over a long-lived SMTP connection, by changing the default + milter_default_action from "tempfail" to the new "shutdown" action + (i.e. disconnect the remote SMTP client). This was already back-ported + to earlier stable releases. +- refreshed patches + % postfix-linux45.patch + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/postfix/postfix.changes 2026-02-27 17:07:52.787065979 +0100 +++ /work/SRC/openSUSE:Factory/.postfix.new.8177/postfix.changes 2026-03-10 17:47:03.612060393 +0100 @@ -1,0 +2,53 @@ +Thu Mar 5 19:18:44 UTC 2026 - Arjen de Korte <[email protected]> + +- update to 3.11.0 + * Some (Linux) distributions are removing support for BerkeleyDB + databases (In Postfix, this means we lose support for the hash: + and btree: lookup tables). See NON_BERKELEYDB_README for manual and + partially automatic migration from btree: to lmdb:, and from hash: + to lmdb: or cdb:. + * The loss of BerkeleyDB affects Mailman versions that want to execute + commands like "postmap hash:/path/to/file" when a mailing list is + added or removed. Postfix provides a way to redirect such commands + to a supported database type. + * You don't have to wait until BerkeleyDB support is removed. It can + make sense to migrate while BerkeleyDB support is still available + (mainly, less downtime). + * Default TLS security. The Postfix SMTP client smtp_tls_security_level + default value is "may" if Postfix was built with TLS support, and + the compatibility_level is 3.11 or higher. + * Support for the RFC 8689 "REQUIRETLS" verb in ESMTP. This requires + that every SMTP (and LMTP) server in the forward path is strongly + authenticated with DANE, STS, or equivalent, and that every server + announces REQUIRETLS support. + * Logging the TLS security level. This shows the desired and actual + TLS security level enforcement status and, if a message requests + REQUIRETLS, the REQUIRETLS policy enforcement status. For a list of + examples see smtp_log_tls_feature_status + * Workaround for an interface mismatch between the Postfix SMTP + client and MTA-STS policy plugins. This introduces a new parameter + smtp_tls_enforce_sts_mx_patterns (default: "yes"). The MTA-STS + plugin configuration needs to enable TLSRPT support, so that it + forwards STS policy attributes to Postfix. Both postfix-tlspol and + postfix-mta-sts-resolver have been updated accordingly. + * Post-quantum cryptography support. With OpenSSL 3.5 and later, change + the tls_eecdh_auto_curves default value to avoid problems with network + infrastructure that mishandles TLS hello messages larger than one + (Ethernet) TCP segment. This problem is more generally known as + "protocol ossification". + * Deprecation of obsolete parameters. Postfix programs log a warning + that these parameters will be removed. See DEPRECATION_README for + a list of deprecated parameters. + * JSON output support with "postconf -j|-jM|-jF|-jP", "postalias + -jq|-js", "postmap -jq|-js", and "postmulti -jl". No support is + planned for JSON input support. + * Milter support: improved Milter error handling for messages that + arrive over a long-lived SMTP connection, by changing the default + milter_default_action from "tempfail" to the new "shutdown" action + (i.e. disconnect the remote SMTP client). This was already back-ported + to earlier stable releases. +- refreshed patches + % postfix-linux45.patch + % set-default-db-type.patch + +------------------------------------------------------------------- Old: ---- postfix-3.10.8.tar.gz postfix-3.10.8.tar.gz.asc New: ---- postfix-3.11.0.tar.gz postfix-3.11.0.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ postfix-bdb.spec ++++++ --- /var/tmp/diff_new_pack.efoCfV/_old 2026-03-10 17:47:04.856111747 +0100 +++ /var/tmp/diff_new_pack.efoCfV/_new 2026-03-10 17:47:04.856111747 +0100 @@ -54,7 +54,7 @@ %endif %bcond_without ldap Name: postfix-bdb -Version: 3.10.8 +Version: 3.11.0 Release: 0 Summary: A fast, secure, and flexible mailer License: EPL-2.0 OR IPL-1.0 ++++++ postfix.spec ++++++ --- /var/tmp/diff_new_pack.efoCfV/_old 2026-03-10 17:47:04.928114719 +0100 +++ /var/tmp/diff_new_pack.efoCfV/_new 2026-03-10 17:47:04.932114884 +0100 @@ -42,7 +42,7 @@ %endif %bcond_without ldap Name: postfix -Version: 3.10.8 +Version: 3.11.0 Release: 0 Summary: A fast, secure, and flexible mailer License: EPL-2.0 OR IPL-1.0 @@ -227,8 +227,8 @@ #export AUXLIBS_SQLITE #export AUXLIBS_CDB #export AUXLIBS_SDBM -# Remove berkeley DB and set lmdb as default -export CCARGS="${CCARGS} -DNO_DB -DDEF_DB_TYPE=\\\"lmdb\\\"" +# Remove berkeley DB +export CCARGS="${CCARGS} -DNO_DB" export PIE=-pie # using SHLIB_RPATH to specify unrelated linker flags, because LDFLAGS is @@ -247,6 +247,8 @@ setgid_group=%{pf_setgid_group} \ readme_directory=%{pf_readme_directory} \ data_directory=%{pf_data_directory} \ + default_database_type=lmdb \ + default_cache_db_type=lmdb \ SHLIB_RPATH="-Wl,-rpath,%{pf_shlib_directory} -Wl,-z,relro,-z,now" %make_build # Create postfix user ++++++ postfix-3.10.8.tar.gz -> postfix-3.11.0.tar.gz ++++++ ++++ 61676 lines of diff (skipped) ++++++ postfix-linux45.patch ++++++ --- /var/tmp/diff_new_pack.efoCfV/_old 2026-03-10 17:47:08.572265148 +0100 +++ /var/tmp/diff_new_pack.efoCfV/_new 2026-03-10 17:47:08.576265312 +0100 @@ -10,7 +10,7 @@ : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"} : ${PLUGIN_LD="${CC-gcc} -shared"} ;; -- Linux.[3456].*) +- Linux.[34567].*) - SYSTYPE=LINUX$RELEASE_MAJOR + Linux.[3-9].*|Linux.[1-9][0-9].*) + SYSTYPE=LINUX3 ++++++ set-default-db-type.patch ++++++ --- /var/tmp/diff_new_pack.efoCfV/_old 2026-03-10 17:47:08.728271587 +0100 +++ /var/tmp/diff_new_pack.efoCfV/_new 2026-03-10 17:47:08.740272083 +0100 @@ -9,7 +9,7 @@ -#define NATIVE_DB_TYPE "hash" +#define NATIVE_DB_TYPE "lmdb" #if (defined(__NetBSD_Version__) && __NetBSD_Version__ >= 104250000) - #define ALIAS_DB_MAP DEF_DB_TYPE ":/etc/mail/aliases" /* sendmail 8.10 */ + #define ALIAS_DB_MAP "$default_database_type:/etc/mail/aliases" /* sendmail 8.10 */ #endif @@ -234,7 +234,7 @@ #define HAS_FSYNC @@ -17,7 +17,7 @@ #define HAS_SA_LEN -#define NATIVE_DB_TYPE "hash" +#define NATIVE_DB_TYPE "lmdb" - #define ALIAS_DB_MAP DEF_DB_TYPE ":/etc/aliases" + #define ALIAS_DB_MAP "$default_database_type:/etc/aliases" #define GETTIMEOFDAY(t) gettimeofday(t,(struct timezone *) 0) #define ROOT_PATH "/bin:/usr/bin:/sbin:/usr/sbin" @@ -291,7 +291,7 @@ @@ -26,7 +26,7 @@ #ifdef HAS_DB -#define NATIVE_DB_TYPE "hash" +#define NATIVE_DB_TYPE "lmdb" - #define ALIAS_DB_MAP DEF_DB_TYPE ":/etc/aliases" + #define ALIAS_DB_MAP "$default_database_type:/etc/aliases" #else #define HAS_DBM @@ -775,7 +775,7 @@ extern int initgroups(const char *, int) @@ -35,7 +35,7 @@ #define HAS_DB -#define NATIVE_DB_TYPE "hash" +#define NATIVE_DB_TYPE "lmdb" - #define ALIAS_DB_MAP DEF_DB_TYPE ":/etc/aliases" + #define ALIAS_DB_MAP "$default_database_type:/etc/aliases" #ifndef NO_NIS #define HAS_NIS @@ -851,7 +851,7 @@ extern int initgroups(const char *, int) @@ -44,7 +44,7 @@ #define HAS_DB -#define NATIVE_DB_TYPE "hash" +#define NATIVE_DB_TYPE "lmdb" - #define ALIAS_DB_MAP DEF_DB_TYPE ":/etc/aliases" + #define ALIAS_DB_MAP "$default_database_type:/etc/aliases" #ifndef NO_NIS #define HAS_NIS @@ -884,7 +884,7 @@ extern int initgroups(const char *, int) @@ -53,7 +53,7 @@ #define HAS_DB -#define NATIVE_DB_TYPE "hash" +#define NATIVE_DB_TYPE "lmdb" - #define ALIAS_DB_MAP DEF_DB_TYPE ":/etc/aliases" + #define ALIAS_DB_MAP "$default_database_type:/etc/aliases" #ifndef NO_NIS #define HAS_NIS @@ -1209,7 +1209,7 @@ extern int opterr; /* XXX use <getopt. @@ -62,31 +62,9 @@ #define HAS_FSYNC -#define NATIVE_DB_TYPE "hash" +#define NATIVE_DB_TYPE "lmdb" - #define ALIAS_DB_MAP DEF_DB_TYPE ":/etc/aliases" + #define ALIAS_DB_MAP "$default_database_type:/etc/aliases" /* Uncomment the following line if you have NIS package installed */ /* #define HAS_NIS */ -Index: src/global/mail_params.h -=================================================================== ---- src/global/mail_params.h.orig -+++ src/global/mail_params.h -@@ -2980,7 +2980,7 @@ extern int var_vrfy_pend_limit; - extern char *var_verify_service; - - #define VAR_VERIFY_MAP "address_verify_map" --#define DEF_VERIFY_MAP "btree:$data_directory/verify_cache" -+#define DEF_VERIFY_MAP "lmdb:$data_directory/verify_cache" - extern char *var_verify_map; - - #define VAR_VERIFY_POS_EXP "address_verify_positive_expire_time" -@@ -3800,7 +3800,7 @@ extern char *var_multi_cntrl_cmds; - * postscreen(8) - */ - #define VAR_PSC_CACHE_MAP "postscreen_cache_map" --#define DEF_PSC_CACHE_MAP "btree:$data_directory/postscreen_cache" -+#define DEF_PSC_CACHE_MAP "lmdb:$data_directory/postscreen_cache" - extern char *var_psc_cache_map; - - #define VAR_SMTPD_SERVICE "smtpd_service_name" Index: man/man1/postmap.1 =================================================================== --- man/man1/postmap.1.orig
