Hello community, here is the log from the commit of package postfix for openSUSE:Factory checked in at 2024-05-16 17:12:37 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/postfix (Old) and /work/SRC/openSUSE:Factory/.postfix.new.1880 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "postfix" Thu May 16 17:12:37 2024 rev:238 rq:1173989 version:3.9.0 Changes: -------- --- /work/SRC/openSUSE:Factory/postfix/postfix-bdb.changes 2024-03-06 23:03:59.604142328 +0100 +++ /work/SRC/openSUSE:Factory/.postfix.new.1880/postfix-bdb.changes 2024-05-16 17:12:51.886897723 +0200 
@@ -1,0 +2,88 @@ +Thu Mar 7 18:42:30 UTC 2024 - Arjen de Korte <suse+bu...@de-korte.org> + +- update to 3.9.0 + * As described in DEPRECATION_README, the SMTP server features + "permit_naked_ip_address", "check_relay_domains", and + "reject_maps_rbl" have been removed, after they have been logging + a warning for some 20 years. These features now log a warning + and return a "server configuration error" response. + * The MySQL client no longer supports MySQL versions < 4.0. MySQL + version 4.0 was released in 2003. + * As covered in DEPRECATION_README, the configuration parameter + "disable_dns_lookup" and about a dozen TLS-related parameters + are now officially obsolete. These parameters still work, but + the postconf command logs warnings that they will be removed + from Postfix. + * As covered in DEPRECATION_README, "permit_mx_backup" logs a + warning that it will be removed from Postfix. + * In message headers, Postfix now formats numerical days as + two-digit days, i.e. days 1-9 have a leading zero instead of a + leading space. This change was made because the RFC 5322 date + and time specification recommends (i.e. SHOULD) that a single + space be used in each place that folding white space appears. + This change avoids a breaking change in the length of a date + string. + * The MySQL client default characterset is now configurable with + the "charset" configuration file attribute. The default is + "utf8mb4", consistent with the MySQL 8.0 built-in default, but + different from earlier MySQL versions where the built-in default + was "latin1". + * Support to query MongoDB databases, contributed by Hamid Maadani, + based on earlier code by Stephan Ferraro. See MONGODB_README + and mongodb_table(5) + * The RFC 3461 envelope ID is now exported in the local(8) delivery + agent with the ENVID environment variable, and in the pipe(8) + delivery agent with the ${envid} command-line attribute. 
+ * Configurable idle and retry timer settings in the mysql: and + pgsql: clients. A shorter than default retry timer can sped up + the recovery after error, when Postfix is configured with only + one server in the "hosts" attribute. After the code was frozen + for release, we have learned that Postfix can recover faster + from some errors when the single server is specified multiple + times in the "hosts" attribute. + * Optional Postfix TLS support to request an RFC7250 raw public + key instead of an X.509 public-key certificate. The configuration + settings for raw key public support will be ignored when there + is no raw public key support in the local TLS implementation + (i.e. Postfix with OpenSSL versions before 3.2). See RELEASE_NOTES + for more information. + * Preliminary support for OpenSSL configuration files, primarily + OpenSSL 1.1.1b and later. This introduces two new parameters + "tls_config_file" and "tls_config_name", which can be used to + limit collateral damage from OS distributions that crank up + security to 11, increasing the number of plaintext email + deliveries. Details are in the postconf(5) manpage under + "tls_config_file" and "tls_config_name". + * With "smtpd_forbid_unauth_pipelining = yes" (the default), + Postfix defends against multiple "blind" SMTP attacks. This + feature was back-ported to older stable releases but disabled + by default. + * With "smtpd_forbid_bare_newline = normalize" (the default) + Postfix defends against SMTP smuggling attacks. See RELEASE_NOTES + for details. This feature was back-ported to older stable + releases but disabled by default. + * Prevent outbound SMTP smuggling, where an attacker uses Postfix + to send email containing a non-standard End-of-DATA sequence, + to exploit inbound SMTP smuggling at a vulnerable remote SMTP + server. With "cleanup_replace_stray_cr_lf = yes" (the default), + the cleanup daemon replaces each stray <CR> or <LF> character + in message content with a space character. 
This feature was + back-ported to older stable releases with identical functionality. + * The Postfix DNS client now limits the total size of DNS lookup + results to 100 records; it drops the excess records, and logs + a warning. This limit is 20x larger than the number of server + addresses that the Postfix SMTP client is willing to consider + when delivering mail, and is far below the number of records + that could cause a tail recursion crash in dns_rr_append() as + reported by Toshifumi Sakaguchi. This also introduces a similar + limit on the number of DNS requests that a check_*_*_access + restriction can make. All this was back-ported to older stable + releases with identical functionality. +- refreshed patch: + % postfix-no-md5.patch +- change obsoleted "disable_dns_lookups" to "smtp_dns_support_level" + % postfix-SUSE.tar.gz + % postfix-main.cf.patch + % postfix-master.cf.patch + +------------------------------------------------------------------- postfix.changes: same change Old: ---- postfix-3.8.6.tar.gz postfix-3.8.6.tar.gz.asc New: ---- postfix-3.9.0.tar.gz postfix-3.9.0.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ postfix-bdb.spec ++++++ --- /var/tmp/diff_new_pack.90suQF/_old 2024-05-16 17:12:58.595140854 +0200 +++ /var/tmp/diff_new_pack.90suQF/_new 2024-05-16 17:12:58.599140999 +0200 
@@ -59,7 +59,7 @@ %endif %bcond_without ldap Name: postfix-bdb -Version: 3.8.6 +Version: 3.9.0 Release: 0 Summary: A fast, secure, and flexible mailer License: EPL-2.0 OR IPL-1.0 postfix.spec: same change ++++++ postfix-3.8.6.tar.gz -> postfix-3.9.0.tar.gz ++++++ ++++ 27791 lines of diff (skipped) ++++++ postfix-SUSE.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-SUSE/config.postfix new/postfix-SUSE/config.postfix --- old/postfix-SUSE/config.postfix 2023-09-18 14:39:38.192120920 +0200 +++ new/postfix-SUSE/config.postfix 2024-03-08 13:22:11.000000000 +0100 @@ -417,9 +417,9 @@ fi if test "$POSTFIX_NODNS" == "yes"; then - $PCONF -e "disable_dns_lookups = yes" + $PCONF -e "smtp_dns_support_level = disabled" else - $PCONF -e "disable_dns_lookups = no" + $PCONF -e "smtp_dns_support_level = enabled" fi if test -n "$POSTFIX_RELAYHOST"; then $PCONF -e "relayhost = $POSTFIX_RELAYHOST" @@ -1083,7 +1083,7 @@ } else { $line = " ".$1; } - } elsif ( /^\#?\s\s(-o\s+disable_dns_lookups=.*)/ ) { + } elsif ( /^\#?\s\s(-o\s+smtp_dns_support_level=.*)/ ) { if ( $use_amavis ne "yes" ) { $line = "# ".$1; } else { ++++++ postfix-main.cf.patch ++++++ --- /var/tmp/diff_new_pack.90suQF/_old 2024-05-16 17:13:00.191198701 +0200 +++ /var/tmp/diff_new_pack.90suQF/_new 2024-05-16 17:13:00.195198846 +0200 @@ -71,7 +71,7 @@ +biff = no +content_filter = +delay_warning_time = 0h -+disable_dns_lookups = no ++smtp_dns_support_level = enabled +disable_mime_output_conversion = no +disable_vrfy_command = yes +inet_interfaces = all ++++++ postfix-master.cf.patch ++++++ --- /var/tmp/diff_new_pack.90suQF/_old 2024-05-16 17:13:00.207199281 +0200 +++ /var/tmp/diff_new_pack.90suQF/_new 2024-05-16 17:13:00.211199426 +0200 
@@ -9,7 +9,7 @@ +#amavis unix - - n - 4 smtp +# -o smtp_data_done_timeout=1200 +# -o smtp_send_xforward_command=yes -+# -o disable_dns_lookups=yes ++# -o smtp_dns_support_level=disabled +# -o max_use=20 #smtp inet n - n - 1 postscreen #smtpd pass - - n - - smtpd ++++++ postfix-no-md5.patch ++++++ --- /var/tmp/diff_new_pack.90suQF/_old 2024-05-16 17:13:00.223199861 +0200 +++ /var/tmp/diff_new_pack.90suQF/_new 2024-05-16 17:13:00.227200006 +0200 @@ -2,7 +2,7 @@ =================================================================== --- src/global/mail_params.h.orig +++ src/global/mail_params.h -@@ -1387,7 +1387,7 @@ extern char *var_smtpd_tls_mand_excl; +@@ -1391,7 +1391,7 @@ extern char *var_smtpd_tls_mand_excl; #define VAR_SMTPD_TLS_FPT_DGST "smtpd_tls_fingerprint_digest" #define DEF_SMTPD_TLS_FPT_DGST "${{$compatibility_level} <level {3.6} ? " \ @@ -11,7 +11,7 @@ extern char *var_smtpd_tls_fpt_dgst; #define VAR_SMTPD_TLS_512_FILE "smtpd_tls_dh512_param_file" -@@ -1549,10 +1549,10 @@ extern char *var_smtp_tls_mand_excl; +@@ -1553,10 +1553,10 @@ extern char *var_smtp_tls_mand_excl; #define VAR_SMTP_TLS_FPT_DGST "smtp_tls_fingerprint_digest" #define DEF_SMTP_TLS_FPT_DGST "${{$compatibility_level} <level {3.6} ? " \ @@ -23,5 +23,5 @@ + "{sha1} : {sha256}}" extern char *var_smtp_tls_fpt_dgst; - #define VAR_SMTP_TLS_TAFILE "smtp_tls_trust_anchor_file" + #define VAR_SMTP_TLS_ENABLE_RPK "smtp_tls_enable_rpk"
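Review bot: the Version bump in the postfix-bdb.spec hunk (@@ -59,7 +59,7 @@) pulls in behaviour changes listed in the changelog that can break existing installations, and none of the visible packaging changes check for them: "permit_naked_ip_address", "check_relay_domains" and "reject_maps_rbl" now return a "server configuration error" response instead of only logging a warning. Consider an upgrade-time check of main.cf for these three names, or at least a prominent note for administrators, so that a leftover restriction does not start failing mail after the update.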
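Review bot: in the config.postfix hunk at @@ -417,9 +417,9 @@, the new `$PCONF -e "smtp_dns_support_level = ..."` calls never remove a `disable_dns_lookups` line that earlier versions of this script wrote to main.cf, so upgraded systems keep the obsolete parameter and, per the 3.9.0 changelog entry, postconf keeps logging the removal warning. Consider deleting the old key in both branches before setting the new one, for example with `$PCONF -X disable_dns_lookups` (assuming $PCONF wraps postconf, whose -X option removes a named parameter from main.cf).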
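Review bot: in the config.postfix hunk at @@ -1083,7 +1083,7 @@, the pattern now matches only `-o smtp_dns_support_level=`, so an existing master.cf whose amavis entry still carries `-o disable_dns_lookups=yes` is no longer recognised by this branch and that line stops being commented or uncommented along with `$use_amavis`. Matching both names, e.g. `-o\s+(?:disable_dns_lookups|smtp_dns_support_level)=.*`, would keep upgraded installations covered; the old option could then be rewritten to the new name when it is found.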